Deserialization vulnerabilities: a review

Affiliation:

1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China; 2. Anhui Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China

Author biography:

Wang Song (汪松), male, born 2001, master's student; research interests: software and system security. E-mail: wangsong23@nudt.edu.cn

CLC number:

TP393

Fund project:

National Natural Science Foundation of China (62202484)

Abstract:

With the rapid development of Internet technology, data exchange between applications and services keeps growing. Serialization provides a convenient mechanism for cross-platform data transmission and interaction and is widely used in network programming, data persistence, and distributed systems; the deserialization vulnerabilities it gives rise to have gradually attracted attention. An attacker injects a carefully crafted malicious object and exploits the vulnerability to achieve remote code execution and other malicious behaviour, leading to data leakage, system crashes, service interruption and other consequences that seriously threaten application security and user privacy. Research on the principles and detection of deserialization vulnerabilities therefore urgently needs to be systematically surveyed and analysed. This review introduces the background and history of deserialization vulnerabilities, explains how they work through typical cases, distills general methods for detecting them, and analyses the principles behind related work in academia and industry. Finally, based on the current state of the relevant techniques, it discusses feasible directions for future research on deserialization vulnerabilities.
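The mechanism the abstract describes, an attacker-supplied serialized object whose reconstruction runs attacker-chosen code, in runnable form. This is an added example and not code from the paper: Python's pickle is used because its gadget fits in a few lines, but the same shape (a sink that resolves and invokes classes named inside the byte stream) is what the Java, PHP and .NET cases in this literature share. `Gadget`, `RestrictedUnpickler`, `ALLOWED_GLOBALS` and the sample data are all constructed for this illustration; the payload evaluates a harmless expression instead of spawning a shell.

```python
"""Added example (not from the paper): a pickle deserialization gadget and a
hardened loader placed side by side."""
import collections
import io
import os
import pickle


class Gadget:
    """Attacker-controlled class. __reduce__ tells pickle how to rebuild the
    object: call the first element with the second element as arguments.

    The victim never needs this class. The byte stream only records the
    callable (builtins.eval) and its arguments; pickle.loads() performs the
    call during reconstruction, before any application code sees the result.
    """

    def __reduce__(self):
        # A real payload would call os.system; this one just proves that an
        # attacker-chosen expression is evaluated inside the victim process.
        return (eval, ("__import__('os').getpid()",))


def build_malicious_pickle() -> bytes:
    """Attacker side: serialize the gadget into the bytes sent to the victim."""
    return pickle.dumps(Gadget())


def benign_pickle() -> bytes:
    """Constructed benign input, the kind of data the application expects."""
    return pickle.dumps(collections.OrderedDict(user="alice", roles=["admin"]))


def unsafe_load(data: bytes):
    """Victim side, vulnerable: the default Unpickler resolves any global named
    in the stream, so the gadget's eval call runs here."""
    return pickle.loads(data)


# Allowlist of (module, name) pairs the hardened loader may resolve.
# Everything else, including builtins.eval and os.system, is refused.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: every GLOBAL lookup in the stream goes through
    find_class, so an allowlist there blocks gadget callables."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load_rejects(data: bytes) -> bool:
    """True when the hardened loader refuses the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def current_pid() -> int:
    return os.getpid()


if __name__ == "__main__":
    payload = build_malicious_pickle()
    # Vulnerable path: the object that comes back is the result of the
    # attacker's expression, i.e. this process's own PID.
    print("unsafe_load returned", unsafe_load(payload), "(our pid:", current_pid(), ")")
    # Hardened path: same bytes, refused before eval is ever resolved.
    print("safe_load rejects payload:", safe_load_rejects(payload))
    print("safe_load accepts benign data:", dict(safe_load(benign_pickle())))
```

The allowlist in `find_class` is the mitigation Python's own documentation recommends when pickle cannot be avoided; the stronger fix is not to deserialize untrusted input with a format that can name code at all (JSON for the benign record above). The same two options, restricting resolvable classes or switching to a data-only format, are the usual remediations for the Java and .NET cases as well.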

Cite this article:

Wang Song (汪松), Ding Wanmeng (丁婉蒙), Li Yuwei (李宇薇), et al. Deserialization vulnerabilities: a review [J]. 信息对抗技术 (Information Countermeasure Technology), 2025, 4(1): 22-40.

History:
  • Received: 2024-06-26
  • Published online: 2025-01-20