Insecure Deserialization
Oracle recommends that your code, which makes use of the Oracle DMW views and API, does not accept serialized objects from untrusted sources or that only primitive data types are permitted in such serialized objects.
Parent topic: Oracle DMW Secure Development