Burp Suite User Forum

Login to post

Detected Desalinisation Jackson

Ajay | Last updated: May 29, 2021 04:09PM UTC

Dear Team, I have installed active scan++ and Freddy, Deserialization Bug Finder. It shows my webapp is vulnerable to Detected Desalinisation Jackson with High severity and certain confidence, and in response tab it seems that 400 bad request page. Now I am not able to understand that is the vulnerability is still present or just a false positive?

Michelle, PortSwigger Agent | Last updated: Jun 01, 2021 11:11AM UTC

These extensions are written by third parties and not by ourselves (we simply host them for the benefit of our other users). If one of the extensions has identified that a vulnerability is present in your application then the first step would be to try and manually confirm that this issue is present - if there are doubts about the validity of the reported vulnerability then it would be a good idea to get in touch with the author directly in order to confirm how their extension operates.

You need to Log in to post a reply. Or register here, for free.