# A08:2021 - Software and Data Integrity Failures

Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. This includes insecure deserialization, use of untrusted plugins or libraries, insecure CI/CD pipelines, and lack of integrity verification.

<Info>
  CodeAnt AI detects **Software and Data Integrity Failures** vulnerabilities across **11 languages**: Python, Java, JavaScript, Go, C#, Ruby, PHP, Swift, Clojure, HTML, Terraform.
</Info>

***

## Detected Vulnerabilities

<AccordionGroup>
  <Accordion title="CWE-502: Deserialization of Untrusted Data">
    **Severity:** **Critical**

    ### Description

    The application deserializes data from untrusted sources without proper validation, potentially allowing attackers to manipulate serialized objects to execute arbitrary code.

    ### Impact

    Remote code execution, denial of service, authentication bypass, and privilege escalation. Deserialization vulnerabilities are among the most severe and frequently exploited.

    ### Remediation

    Avoid deserializing data from untrusted sources. Use safe serialization formats like JSON instead of native serialization. Implement integrity checks (HMAC) on serialized data. Use allowlists of the classes permitted for deserialization.
  </Accordion>

  <Accordion title="CWE-345: Insufficient Verification of Data Authenticity">
    **Severity:** **High**

    ### Description

    The application does not properly verify the origin or integrity of data before using it, allowing attackers to supply tampered or malicious data.

    ### Impact

    Data tampering, man-in-the-middle attacks, and injection of malicious content that the application treats as legitimate, potentially leading to further exploitation.

    ### Remediation

    Implement digital signatures or HMAC for data integrity verification. Validate data source authenticity. Use TLS for data in transit. Verify checksums for downloaded content.
  </Accordion>

  <Accordion title="CWE-346: Origin Validation Error">
    **Severity:** **High**

    ### Description

    The application does not properly verify the origin of requests or data, allowing attackers to forge requests from unauthorized sources.

    ### Impact

    Cross-origin attacks, CSRF, and unauthorized API access from malicious origins that bypass same-origin policy protections.

    ### Remediation

    Validate Origin and Referer headers. Implement proper CORS policies. Use anti-CSRF tokens. Verify request origins at the server level for all state-changing operations.
  </Accordion>

  <Accordion title="CWE-829: Inclusion of Functionality from Untrusted Control Sphere">
    **Severity:** **High**

    ### Description

    The application includes or imports code, modules, or functionality from sources outside of its trust boundary without integrity verification.

    ### Impact

    Supply chain attacks where malicious code is introduced through compromised dependencies, CDN resources, or third-party scripts, executing with the application's full privileges.

    ### Remediation

    Verify integrity of all external resources using Subresource Integrity (SRI). Pin dependency versions. Use lockfiles. Audit third-party code. Host critical dependencies internally.
  </Accordion>

  <Accordion title="CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes">
    **Severity:** **High**

    ### Description

    The application allows external input to modify object attributes dynamically (mass assignment), enabling attackers to modify fields they should not have access to.

    ### Impact

    Privilege escalation (e.g., setting `isAdmin=true`), data manipulation, and bypassing business logic by modifying protected attributes through mass assignment.

    ### Remediation

    Use allowlists for mass-assignable attributes. Explicitly define which fields can be updated from external input. Use DTOs or form objects to separate input from model attributes.
  </Accordion>
</AccordionGroup>
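
The CWE-502 remediation (JSON instead of native serialization, HMAC on serialized data) and the CWE-915 remediation (allowlisted fields) can be combined in one load path. The following Python sketch is an added example, not CodeAnt AI rule code; `SECRET_KEY`, `ALLOWED_FIELDS`, `IntegrityError` and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); in practice load it from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_FIELDS = {"user_id", "theme"}  # hypothetical fields a client may set


class IntegrityError(Exception):
    """Raised when a token is malformed or its MAC does not verify."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def dump_signed(obj: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize to JSON (data only, no code) and append an HMAC-SHA256 tag."""
    body = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{b64url(body)}.{b64url(tag)}"


def load_signed(token: str, key: bytes = SECRET_KEY) -> dict:
    """Verify the tag before parsing, then keep only allowlisted fields."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except ValueError as exc:  # wrong part count, non-ASCII, bad base64
        raise IntegrityError("malformed token") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("MAC mismatch")
    data = json.loads(body)
    if not isinstance(data, dict):
        raise IntegrityError("unexpected payload type")
    # Drop anything outside the allowlist (e.g. an injected is_admin flag).
    return {k: v for k, v in data.items() if k in ALLOWED_FIELDS}
```

The MAC is checked before `json.loads` runs, so unauthenticated bytes never reach the parser, and the allowlist still applies to payloads that verify.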
