s
sprkd
.io
🗡️ Gauntlet
Courses
Roles
Certs
Coach
Pricing
Sign in
🔐
Security & DevSecOps
1 / 14
AppSec & OWASP
Advanced
Why can deserializing untrusted data with Java's native serialization or Python's pickle lead to remote code execution?
A
They disable TLS certificate validation while reading the stream
B
Deserialization always allocates unbounded memory and crashes the host
C
These formats can reconstruct arbitrary object graphs and invoke gadget-chain methods during deserialization
D
They transmit data in plaintext, exposing the class definitions
← Back
Next →