IEEE

A Vulnerability Mining Model of Java Json Deserialization Based on AST

Abstract: In this paper we proposed a method of vulnerability mining based on Abstract Syntax Tree (AST), which can automatic detect defects in the mainstream frameworks of Java Json deserialization.
GitHub

ultrajson/ultrajson: Ultra fast JSON decoder and encoder written in C with Python bindings

UltraJSON's architecture is fundamentally ill-suited to making changes without risk of introducing new security vulnerabilities. As a result, this library has been put into a maintenance-only mode.