← Back

CVE-2022-25845

nvd nist
Published: Jun 10, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

Affected (2)

Alibaba
1 product
Fastjson
Oracle
1 product
Communications Cloud Native Core Unified Data Repository
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fastjson
Before 1.2.83
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Communications Cloud Native Core Unified Data Repository
Version 22.2.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (14)

Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
Release NotesThird Party Advisory
Source: report@snyk.io
Third Party Advisory
Source: report@snyk.io
Third Party Advisory
Source: report@snyk.io
ExploitThird Party Advisory
Source: report@snyk.io
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.