Query module EjbSerialization

name: EJB uses substitution in serialization
description: An EJB should not use the subclass or object substitution features of the Java serialization protocol, since their use could compromise security.
kind: problem
problem.severity: error
precision: low
id: java/ejb/substitution-in-serialization
tags: external/cwe/cwe-573

Imports

EJB
EJBRestrictions
java: Provides all default Java QL imports.