The flaw resides in java.io.ObjectInputStream, which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to ...
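The check that a bare ObjectInputStream.readObject() call does not make is "is this a class I expect to receive at all?". The following is an added example, not code from the page or from the advisory it excerpts: a hypothetical Message class is read once without any filter (the stream decides which class gets instantiated) and once through an ObjectInputFilter allowlist (Java 9+), which rejects every class except Message and also caps nesting depth and stream size. HashMap stands in for an unexpected class here; it is not a claim about any particular gadget chain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

// Added example (not from the page): unfiltered vs. allowlisted deserialization.
public class SafeDeserialize {

    // Hypothetical application type that the reader actually expects on the wire.
    public static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: instantiates whatever Serializable class the stream names.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: allowlist Message, reject all other classes ("!*"), and bound
    // depth and size so a hostile stream cannot exhaust memory before it is rejected.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxbytes=65536;" + Message.class.getName() + ";!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Message("hello"));
        // Constructed "unexpected" input: any class the reader never asked for.
        byte[] unexpected = serialize(new HashMap<String, String>());

        // The unfiltered reader happily builds a HashMap although it wanted a Message.
        System.out.println("unfiltered: " + readUnfiltered(unexpected).getClass().getName());

        // The filtered reader accepts the expected type ...
        System.out.println("filtered ok: " + ((Message) readFiltered(expected)).text);

        // ... and refuses the unexpected one before any instance is created.
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The rejection surfaces as an InvalidClassException from inside readObject(), before the constructor or readObject hook of the rejected class runs, which is the property a fix for the flaw above has to provide. The same allowlist can be applied process-wide with the jdk.serialFilter system property instead of per stream.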
text / JSON / SARIF and gate a CI pipeline via its exit code. It is a fast first-pass triage tool, not a full SAST engine: it surfaces candidates for a human reviewer to confirm. Use only against code ...