Findings

JSON deserialization error

Updated: June 19, 2025

Description

Severity: High

The JSON payload could not be deserialized.

The JSON data could not be converted into an object or data structure that the receiving system can understand and process. This often happens when the JSON data is malformed, contains syntax errors, or does not match the expected format specified by the application or API. Proper deserialization is essential to accurately interpret and use JSON data for further processing or display.

Example Attack

An attacker sends a malicious JSON payload that exploits a deserialization vulnerability in the server. If the server fails to properly validate the payload, it could lead to denial-of-service (DoS) attacks by overwhelming the system with repeated parsing errors, or even remote code execution if the deserialization process is insecure. Such attacks can disrupt services or compromise sensitive data.

Remediation

Investigate the payload to determine the cause of the error.

Previous (Findings - Action based findings)
Introspection-based Circular Query
Next (Findings - Action based findings)
Latent injection vulnerability