BanSerializableRead
Deserializing user input via the `Serializable` API is extremely dangerous

Severity
ERROR

The problem

The Java Serializable API is very powerful, and very dangerous. Any consumption of a serialized object that cannot be explicitly trusted will likely result in a critical remote code execution bug that will give an attacker control of the application. (See Effective Java 3rd Edition §85)

Consider using less powerful serialization methods, such as JSON or XML.
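As an added example (not part of the Error Prone documentation), the call this check flags, beside the JEP 290 deserialization filter (Java 9+) that limits what it can instantiate; the class `SerializableReadDemo`, the `Point` type and the sample byte streams are constructed for the demo.

```java
import java.io.*;
import java.util.ArrayList;

public final class SerializableReadDemo {
  /** Hypothetical data class used only to construct the sample bytes below. */
  static final class Point implements Serializable {
    private static final long serialVersionUID = 1L;
    final int x, y;
    Point(int x, int y) { this.x = x; this.y = y; }
  }

  /** The call BanSerializableRead flags: untrusted bytes go straight into readObject(). */
  static Object unsafeRead(byte[] untrusted) throws IOException, ClassNotFoundException {
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
      return in.readObject(); // any serializable class on the classpath may be instantiated here
    }
  }

  /**
   * Hardened variant: a JEP 290 deserialization filter allows only Point, rejects every other
   * class, and caps graph depth and stream size; still weaker than not using Serializable at all.
   */
  static Object filteredRead(byte[] untrusted) throws IOException, ClassNotFoundException {
    ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
        "maxdepth=4;maxbytes=4096;" + Point.class.getName() + ";!*");
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
      in.setObjectInputFilter(filter);
      return in.readObject(); // InvalidClassException for any class outside the allow-list
    }
  }

  /** Builds a constructed sample stream so the demo runs offline. */
  static byte[] serialize(Serializable value) throws IOException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
      out.writeObject(value);
    }
    return bytes.toByteArray();
  }
  public static void main(String[] args) throws Exception {
    byte[] expected = serialize(new Point(1, 2));
    byte[] unexpected = serialize(new ArrayList<String>()); // passes unsafeRead, rejected by filter
    System.out.println("filter accepted: " + filteredRead(expected).getClass().getSimpleName());
    try {
      filteredRead(unexpected);
    } catch (InvalidClassException e) {
      System.out.println("filter rejected: " + e.getMessage());
    }
  }
}
```

The filter only narrows the damage; the check's intent is that untrusted input should not reach `readObject()` in the first place, so prefer a data-only format such as JSON.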

Suppression

Suppress false positives by adding the suppression annotation @SuppressWarnings("BanSerializableRead") to the enclosing element.