...
The serialized form of the object exposes the file path, which can be altered. When the object is deserialized, the operations are performed using the altered path, which can cause the wrong file to be read or modified.
...
Deserializing direct handles to system resources can allow the modification of the resources being referred to.
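The following is an added example, not code from the original page. It uses Python with a JSON record standing in for the serialized form, and assumes a hypothetical application data directory `/var/app/reports`: the vulnerable loader restores whatever path the record carries, while the hardened loader treats the path as transient, serializes only a logical name, and re-derives and validates the path on deserialization.

```python
import json
import os
from pathlib import Path

# Assumption (constructed for this example): the only directory the
# application is allowed to read reports from.
ALLOWED_ROOT = Path("/var/app/reports")


class ReportHandle:
    """Handle to a report file; the path is derived from the logical name."""

    def __init__(self, name: str):
        self.name = name
        self.path = ALLOWED_ROOT / name

    # Vulnerable form: the serialized record exposes the resolved path,
    # and the loader trusts whatever path comes back from the wire.
    def to_json_unsafe(self) -> str:
        return json.dumps({"name": self.name, "path": str(self.path)})

    @classmethod
    def from_json_unsafe(cls, data: str) -> "ReportHandle":
        record = json.loads(data)
        obj = cls.__new__(cls)
        obj.name = record["name"]
        obj.path = Path(record["path"])  # an altered path is used as-is
        return obj

    # Hardened form: only the logical name crosses the trust boundary;
    # the path is treated as transient and rebuilt under ALLOWED_ROOT.
    def to_json(self) -> str:
        return json.dumps({"name": self.name})

    @classmethod
    def from_json(cls, data: str) -> "ReportHandle":
        name = json.loads(data).get("name")
        if not isinstance(name, str) or not name:
            raise ValueError("missing report name")
        # A bare file name has no separators or traversal components.
        if Path(name).name != name:
            raise ValueError("report name must be a bare file name")
        obj = cls(name)
        # Defense in depth: the re-derived path must stay under the root.
        resolved = os.path.normpath(str(obj.path))
        if os.path.commonpath([str(ALLOWED_ROOT), resolved]) != str(ALLOWED_ROOT):
            raise ValueError("resolved path escapes the allowed root")
        return obj


def accepts(data: str) -> bool:
    """True if the hardened loader accepts the record, False if it rejects it."""
    try:
        ReportHandle.from_json(data)
        return True
    except ValueError:
        return False
```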
Bibliography
...
...