CWE-502 - Deserialization of Untrusted Data

Description

Before saving data for future use, software usually checks the information and determines whether it is valid. If the saved data is not protected by cryptography, it can easily be altered and becomes untrusted. An application affected by this weakness cannot rely on the serialized object being trusted and safe, and data that is untrusted cannot be assumed to be well-formed.
During deserialization, untrusted data can deceive the system into treating invalid information as valid. The weakness also allows attackers to obtain and modify information to which they previously had no access.
The weakness is introduced during the Architecture and Design and Implementation stages.
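
The following is an added example, not part of the original entry: it stores state in a data-only format (JSON), attaches an HMAC-SHA256 tag, and refuses to deserialize anything whose tag or shape does not check out. The key, the field names `user` and `role`, and the allowed role values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; constructed value for the demo only.
KEY = b"constructed-demo-key"
ROLES = {"reader", "editor"}  # hypothetical allowed values

class UntrustedData(Exception):
    """Stored blob failed the integrity or shape check."""

def _tag(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).digest()

def _pack(body: bytes, tag: bytes) -> str:
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(tag).decode()

def dump_state(state: dict) -> str:
    """Serialize to a data-only format (JSON) and attach an HMAC-SHA256 tag."""
    body = json.dumps(state, sort_keys=True).encode()
    return _pack(body, _tag(body))

def load_state(blob: str) -> dict:
    """Check integrity before parsing, then check the shape after parsing."""
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in blob.split("."))
    except ValueError as exc:  # wrong part count or bad base64
        raise UntrustedData("malformed blob") from exc
    if not hmac.compare_digest(tag, _tag(body)):
        raise UntrustedData("integrity check failed")
    state = json.loads(body)
    ok = (isinstance(state, dict) and set(state) == {"user", "role"}
          and all(isinstance(v, str) for v in state.values())
          and state["role"] in ROLES)
    if not ok:
        raise UntrustedData("unexpected fields or values")
    return state

def altered_copy(blob: str) -> str:
    """Constructed sample: same blob with the role edited and the old tag kept."""
    body_b64, tag_b64 = blob.split(".")
    state = json.loads(base64.urlsafe_b64decode(body_b64))
    state["role"] = "editor"
    body = json.dumps(state, sort_keys=True).encode()
    return _pack(body, base64.urlsafe_b64decode(tag_b64))
```

The shape check after the tag check matters because a valid tag only proves the data was written by the key holder, not that it is well-formed for the current code.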

References

Description of CWE-502 on Mitre website