GitHub

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring ...
IEEE

The Behavioral Diversity of Java JSON Libraries

Abstract: JSON is an essential file and data format in domains that span scientific computing, web APIs or configuration management. Its popularity has motivated significant software development ...