Every serializable container class that has private mutable sub-objects as instance variables must defensively copy those sub-objects in its readObject method. An adversary can append extra references to the sub-object variables to generate a new byte stream. When deserialized, this byte stream creates a container instance whose internal sub-object references are attacker controllable. Consequently, the attacker can mutate the container instance from outside and violate its guarantees.
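The following is an added example, not code from the original page: a serializable container (the class name `MutableHolder` and its fields `start` and `counts` are assumed) whose readObject method copies its mutable sub-objects after defaultReadObject() returns. Because deserialization bypasses the constructor, the copies made there do not protect the deserialized instance; readObject must make its own. The main method builds a stream in which the container's internal Date is also referenced from outside the container, which models the aliasing described above using an ordinary object graph rather than a hand-crafted byte stream, and then checks that mutating the outside reference leaves the deserialized container unchanged.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

// Assumed class for illustration; not part of the original page.
public final class MutableHolder implements Serializable {
    private static final long serialVersionUID = 1L;

    private Date start;    // private mutable sub-object
    private int[] counts;  // private mutable sub-object

    public MutableHolder(Date start, int[] counts) {
        // Defensive copies on the normal construction path.
        this.start = new Date(start.getTime());
        this.counts = counts.clone();
    }

    public Date getStart() { return new Date(start.getTime()); }
    public int[] getCounts() { return counts.clone(); }

    // Deserialization does not run the constructor, so readObject must copy the
    // sub-objects itself; otherwise any other object in the same stream that
    // references them keeps a handle into this container's private state.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (start == null || counts == null) {
            throw new InvalidObjectException("required field missing from stream");
        }
        // Replace the references read from the stream with fresh copies.
        start = new Date(start.getTime());
        counts = counts.clone();
    }

    public static void main(String[] args) throws Exception {
        MutableHolder original = new MutableHolder(new Date(0L), new int[] {1, 2, 3});

        // Constructed object graph: the container plus a second, external reference
        // to the very same Date instance it holds. Serialization writes the Date once
        // and a back-reference for the second occurrence, so after deserialization
        // both slots would share one Date unless readObject breaks the alias.
        Object[] graph = { original, original.start };

        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(graph);
        }

        Object[] restored;
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            restored = (Object[]) ois.readObject();
        }
        MutableHolder copy = (MutableHolder) restored[0];
        Date outsideReference = (Date) restored[1];

        // Mutate through the external reference; with the defensive copy in
        // readObject the container's own sub-object is unaffected.
        outsideReference.setTime(123_456_789L);
        boolean isolated = copy.getStart().getTime() == 0L;
        System.out.println("container state isolated from stream alias: " + isolated);
    }
}
```

Without the two assignments at the end of readObject, `outsideReference` and the container's `start` would be the same Date object after deserialization, and the last check would print `false`.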
...