Deserializing an object from untrusted input may result in security problems, such as denial of service or remote code execution.

Avoid using an unsafe deserialization framework.

In this example, a string is deserialized using a JavaScriptSerializer configured with a SimpleTypeResolver. With a type resolver in place, the input itself can name the type to instantiate (via its `__type` member), so arbitrary code may be executed during deserialization.

To fix this specific vulnerability, we avoid using a type resolver. In other cases, it may be necessary to use a different deserialization framework.
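The weak pattern beside its fix, as an added example (not the page's own sample code). It assumes .NET Framework's System.Web.Extensions assembly; the `Order` type and the `OrderParser` class are hypothetical names chosen for illustration.

```csharp
using System;
using System.Web.Script.Serialization; // System.Web.Extensions (.NET Framework)

// Hypothetical application type the caller actually expects to receive.
public class Order
{
    public string Id { get; set; }
    public int Quantity { get; set; }
}

public static class OrderParser
{
    // Vulnerable: the SimpleTypeResolver turns the JSON "__type" member into a
    // Type via Type.GetType, so the input decides which type is instantiated and
    // whose property setters run. Untrusted input must never reach this method.
    public static object ParseUnsafe(string json)
    {
        var serializer = new JavaScriptSerializer(new SimpleTypeResolver());
        return serializer.DeserializeObject(json);
    }

    // Fixed: no type resolver, and the target type is pinned by the caller.
    // Without a resolver "__type" is not used to choose a type, so only
    // Order's own setters are ever invoked.
    public static Order ParseSafe(string json)
    {
        var serializer = new JavaScriptSerializer();
        return serializer.Deserialize<Order>(json);
    }

    public static void Main()
    {
        // Constructed input: a "__type" member that names a type the caller never
        // intended (a harmless framework type here, purely to show the control).
        string json = "{\"__type\":\"System.Collections.ArrayList, mscorlib\","
                    + "\"Id\":\"A1\",\"Quantity\":2}";

        object viaResolver = ParseUnsafe(json);
        // The input picked the runtime type: System.Collections.ArrayList
        Console.WriteLine("unsafe -> " + viaResolver.GetType().FullName);

        Order order = ParseSafe(json);
        // The caller picked the runtime type: Order, Id=A1, Quantity=2
        Console.WriteLine("safe   -> " + order.GetType().FullName
                          + ", Id=" + order.Id + ", Quantity=" + order.Quantity);
    }
}
```

The point to check in review is the constructor argument: any `JavaScriptSerializer` built with a `JavaScriptTypeResolver` (SimpleTypeResolver or a custom one that does not whitelist types) hands type selection to the input.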

  • Muñoz, Alvaro and Mirosh, Oleksandr: JSON Attacks.