News

Serialization refers to the process of saving an object’s state as a sequence of bytes; conversely, deserialization is the process of rebuilding those bytes into an object.
Finally, even if serialization support is dropped in a future release of Java, organizations may still have cause for concern as deserialization vulnerabilities are not unique to the JVM.
The vulnerability, tracked as CVE-2025-30065, is a deserialization issue (CWE-502) in Parquet’s Java library that allows execution of maliciously crafted Parquet files.
To show that the flaw they discovered can affect real-world apps, and is not just a theoretical threat, researchers identified: CVE-2017-9424 — a JSON deserialization flaw in Breeze, a .NET data ...
Serialization bugs have been a big problem for Java. Reinhold told InfoWorld that serialization issues could be very easily responsible for a third or even a half of all known Java flaws.
Inventory optimization and controlled supply chains are the need of the hour. While COVID-19 revealed supply chain shortcomings at the planning level, for example, the global retail industry witnessed ...