CWE-502 on ZAP /alerttags/cwe-502/ Recent content in CWE-502 on ZAP Hugo en-us Java Serialization Object /docs/alerts/90002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90002/ <p>Java Serialization seems to be in use. If not correctly validated, an attacker can send a specially crafted object. This can lead to a dangerous &ldquo;Remote Code Execution&rdquo;. A magic sequence identifying JSO has been detected (Base64: rO0AB, Raw: 0xac, 0xed, 0x00, 0x05).</p>