Deserializing an object from untrusted input may result in security problems, such as denial of service or remote code execution.
Avoid using an unsafe deserialization framework.
In this example, a string is deserialized using a
means that arbitrary code may be executed.
To fix this specific vulnerability, we avoid using a type resolver. In other cases, it may be necessary to use a different deserialization framework.