The deserialization process extracts data from the serialized representation of an object and reconstructs the object directly, without calling its constructors. Data validation implemented in constructors can therefore be bypassed if the serialized objects are controlled by an attacker.
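The following is an added example, not code from the original page. It shows the bypass and a fix that repeats the validation in the deserialization hook. The page names no language, so Python's `pickle` is used as an assumption; `Transfer`, `CheckedTransfer`, `forged_stream` and `load_transfer` are hypothetical names, and the forged stream is constructed sample input.

```python
import pickle


def _check_amount(amount):
    # Shared invariant: a transfer amount must be a positive integer.
    if not isinstance(amount, int) or isinstance(amount, bool) or amount <= 0:
        raise ValueError(f"invalid amount: {amount!r}")


class Transfer:
    """Validates only in the constructor (the pattern the text warns about)."""

    def __init__(self, account, amount):
        _check_amount(amount)
        self.account = account
        self.amount = amount


class CheckedTransfer(Transfer):
    """Re-applies the same validation when state is restored from a stream."""

    def __setstate__(self, state):
        _check_amount(state.get("amount"))
        self.__dict__.update(state)


def forged_stream(cls, **fields):
    # Constructed sample input: bytes describing an instance whose fields never
    # passed through __init__, standing in for a stream from an untrusted peer.
    obj = object.__new__(cls)
    obj.__dict__.update(fields)
    return pickle.dumps(obj)


def load_transfer(data):
    # pickle rebuilds the instance via cls.__new__ and then restores its state;
    # __init__ is not called, so only __setstate__ (if defined) can validate.
    return pickle.loads(data)


def demo():
    bypassed = load_transfer(forged_stream(Transfer, account="acct-1", amount=-500))
    try:
        load_transfer(forged_stream(CheckedTransfer, account="acct-1", amount=-500))
        rejected = False
    except ValueError:
        rejected = True
    return bypassed.amount, rejected
```

`demo()` returns the negative amount that reached a live `Transfer` object, and a flag showing that `CheckedTransfer` refused the same state.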