...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06]
[Sun 06] Serialization Specification: A.6 Guarding Unshared Deserialized Objects
[Bloch 08] Item 76: "Write readObject methods defensively"
...