There are many different ways this can work. Note that we can't use OWASP Juicebox for this attack.

First, what is serialization? In serialization we take an object and convert it to a format that can be put on a disk and then sent over a network. It can be serialized as XML, JSON, YAML or binary. The opposite process is deserialization: we take the serialized data and turn it back into an object.

In this attack we take something malicious (an exploit) and serialize it. The application then takes that data, deserializes it and executes it for us, so the application runs our exploit on itself. Why does this happen? Web apps mostly use serialization and deserialization, which is why this is so important. These flaws are kind of hard to find, but there are a lot of them out there.

So to prevent it, basically don't accept anything from a non-trusted source.
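Here is that rule in Python, as an added example that is not part of the original notes: `pickle.loads` calls whatever callable the sender's data names (here the harmless `len`), while the hardened loader checks an HMAC tag first and only then parses data-only JSON. `Marker`, `KEY` and the function names are assumptions made up for this sketch.

```python
import hashlib
import hmac
import json
import pickle

KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients


class Marker:
    """Constructed, harmless object: pickle calls whatever __reduce__ names."""

    def __reduce__(self):
        return (len, ("abc",))  # benign stand-in for "a call chosen by the sender"


def unsafe_load(blob: bytes):
    # Weak pattern: a native object format parsed straight from untrusted input.
    return pickle.loads(blob)


def dump_signed(obj, key: bytes = KEY) -> bytes:
    body = json.dumps(obj, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def load_signed(blob: bytes, key: bytes = KEY):
    tag, sep, body = blob.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Authenticate first: bytes that fail the check never reach a parser.
    if not sep or not hmac.compare_digest(tag, expected):
        raise ValueError("untrusted serialized data rejected")
    return json.loads(body)  # data-only format: no classes, no callables


def rejected(blob: bytes) -> bool:
    try:
        load_signed(blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(unsafe_load(pickle.dumps(Marker())))  # result of len("abc"), not a Marker
    token = dump_signed({"user": "alice", "role": "viewer"})
    print(load_signed(token))                                # accepted
    print(rejected(token.replace(b"viewer", b"admin ")))     # tampered body
    print(rejected(pickle.dumps(Marker())))                  # unsigned pickle
```

The signature only proves the data came from a holder of the key, so the key has to stay on the server side.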

There is a tool called ysoserial; you can do just fine in interviews with that.