...
reads an "unshared" object from the ObjectInputStream. This method is identical to readObject, except that it prevents subsequent calls to readObject and readUnshared from returning additional references to the deserialized instance obtained via this call.
This means that to serialize a network of objects containing circular references, and then to successfully deserialize the same network, the writeUnshared()/readUnshared() methods must not be used.
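The following example is added here to illustrate the point above and is not part of the guideline's own code; the Node class is a constructed placeholder. It round-trips a one-node cycle with the shared and the unshared methods and shows how the unshared variants duplicate the object or reject the back-reference.

```java
import java.io.*;

public class UnsharedCycleDemo {
    // Constructed node type whose only field points back to itself.
    static final class Node implements Serializable {
        private static final long serialVersionUID = 1L;
        Node next;
    }

    private static byte[] write(Node root, boolean unshared) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            if (unshared) oos.writeUnshared(root); else oos.writeObject(root);
        }
        return bos.toByteArray();
    }

    private static Node read(byte[] bytes, boolean unshared) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return unshared ? (Node) ois.readUnshared() : (Node) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Node root = new Node();
        root.next = root;                       // one-node cycle

        // Shared round trip: the back-reference is restored as a stream handle, identity survives.
        Node shared = read(write(root, false), false);
        System.out.println("writeObject/readObject keeps the cycle: " + (shared.next == shared));     // true

        // writeUnshared assigns no handle to root, so the inner reference is written as a second copy;
        // readUnshared therefore returns a root whose 'next' is a different Node, and the cycle
        // now starts one hop in.
        Node unshared = read(write(root, true), true);
        System.out.println("writeUnshared/readUnshared keeps the cycle: " + (unshared.next == unshared)); // false
        System.out.println("second copy refers to itself: " + (unshared.next.next == unshared.next));     // true

        // Mixing: a stream written with writeObject but read with readUnshared contains a
        // back-reference to the unshared root, which the stream rejects outright.
        try {
            read(write(root, false), true);
        } catch (InvalidObjectException e) {
            System.out.println("writeObject/readUnshared: " + e.getMessage());
        }
    }
}
```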
Noncompliant Code Example
...
Using the writeUnshared() and readUnshared() methods may produce unexpected results.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC62-JG | medium | low | low | P6 | L2 |
...
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
...