
Insecure Deserialization
Insecure Deserialization occurs when an unknown or manipulated serialized object is injected into a web application and deserialized.
The injected data could carry a SQL injection, a path traversal or any number of other data types in order to exploit the system.
Insecure Deserialization can be prevented by not accepting serialized objects from untrusted sources. Where serialized input must be accepted, you can also implement integrity checks (so that a tampered object is rejected before it is deserialized) and type constraints (so that only expected object types can be created).
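The following Python example is added here and is not part of the original notes. It places the unsafe pattern (pickle.loads on whatever arrives) beside the two mitigations named above: an HMAC integrity tag that is verified before anything is deserialized, and a class allow-list that acts as the type constraint. SECRET_KEY, ALLOWED_GLOBALS and the sample objects are assumptions constructed for the demo.

```python
import datetime
import hashlib
import hmac
import io
import pickle

SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # constructed; load from a secret store in practice
# Type constraint: the only (module, name) pairs the unpickler may resolve.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):  # called for every class reference in the stream
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"{module}.{name} is not an allowed type")

def deserialize_unsafe(data):
    """Insecure: any object, from any source, is instantiated unchecked."""
    return pickle.loads(data)

def serialize_signed(obj):
    """Prepend an HMAC-SHA256 tag so any change to the payload is detectable."""
    blob = pickle.dumps(obj, protocol=4)
    return hmac.new(SECRET_KEY, blob, hashlib.sha256).digest() + blob

def deserialize_checked(data):
    """Integrity check first, then type-constrained unpickling."""
    tag, blob = data[:32], data[32:]  # SHA-256 tag is 32 bytes
    expected = hmac.new(SECRET_KEY, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: payload altered or not signed by us")
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def rejects_tampering():
    # A single flipped byte in a signed payload must be refused before unpickling.
    signed = serialize_signed({"user": "alice", "role": "reader"})
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    try:
        deserialize_checked(tampered)
    except ValueError:
        return True
    return False

def rejects_disallowed_type():
    # Even a correctly signed payload may not smuggle in a class outside the allow-list.
    signed = serialize_signed(datetime.date(2024, 1, 1))  # datetime.date is not allow-listed
    try:
        deserialize_checked(signed)
    except pickle.UnpicklingError:
        return True
    return False
```

Plain dicts, lists, strings and numbers never trigger find_class, so the allow-list only needs to name the few classes the application genuinely expects to receive.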