PayPal has addressed a serious remote code execution vulnerability caused by a Java deserialization bug disclosed last year and has shared some recommendations for security practitioners, based on the lessons learned while dealing with the issue.
Deserialization of Untrusted Data