Object injection is an application vulnerability that occurs when an application deserializes untrusted data.
If an attacker manages to inject a malicious object, he can exploit its properties to execute arbitrary code, steal data, modify the application’s behaviour or manipulate files remotely. In other words, this vulnerability can lead to a total compromise of the targeted system.