Metalikelihood: Mediumseverity: HighDraft

CAPEC-586Object Injection

Abstraction
Meta
Status
Draft
Likelihood
Medium
Severity
High

Description

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

Related weaknesses· 1

CWE-502

Exploits1

TypeTargetConfidenceTier
WeaknessDeserialization of Untrusted Datacwe-502100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Argument Injection
CAPEC
Oversized Serialized Data Payloads
CAPEC
Command Injection
CAPEC
Code Injection
CAPEC
Serialized Data External Linking
CAPEC
Reflection Injection
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.