...
This noncompliant code example lacks defensive copying of the mutable Date object date. An attacker may be able to create an instance of MutableSer whose date object contains a nefarious subclass of Date whose methods can do the attacker's bidding. Any code that depends on the immutability of the sub-object is vulnerable.
...
This compliant solution creates a defensive copy of the mutable Date object date in the readObject() method. Note the use of field-by-field input and validation of incoming fields (see rule SER04-J. Validate deserialized objects for additional information). Additionally, note that this compliant solution is insufficient to protect sensitive data (see rule SER03-J. Prevent serialization of unencrypted, sensitive data for additional information).
...
...