← Back

Fastjson

fastjson

Vendor: Alibaba • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-25845
2Alibaba
Oracle
2Communications Cloud Native Core Unified Data Repository
Fastjson
Nov 21, 2024
Jun 10, 2022
N/A· v4
9.8 CRITICAL· v3
6.8 MEDIUM· v2
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vuln...Show more
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).Show less
CVE-2017-18349
2Alibaba
Pippo
2Fastjson
Pippo
Nov 21, 2024
Oct 23, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI i...Show more
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.Show less