TheServerSide

ObjectOutputStream example: A Java object serialization tutorial

Community driven content discussing all aspects of software development from DevOps to design patterns. In this Java serialization example, we will use both the ObjectOutputStream and the ...
GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...
GitHub

ClassNotFoundException in CodebaseAwareObjectInputStream.java:99 [SPR-3029]

Since updating from 2.0.1 to 2.0.2 (nothing else on the classpath has changed), I sometimes get this exception: org.springframework.remoting.RemoteAccessException ...