CWE-499
Serializable Class Containing Sensitive Data
The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.
Official CWE-499 definition at MITREImpactr finds and proves weaknesses like CWE-499 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist