Alibaba Fastjson vulnerabilities
2 known vulnerabilities affecting alibaba/fastjson.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2017-18349P1CRITICALCVSS 9.8ExploitedPoCfixed in 1.2.25fixed in 1.2.482018-10-23
CVE-2017-18349 [CRITICAL] CWE-20 CVE-2017-18349: parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products,
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
nvd
CVE-2022-25845P2CRITICALCVSS 9.8fixed in 1.2.832022-06-10
CVE-2022-25845 [CRITICAL] CWE-502 CVE-2022-25845: The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data b
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com
nvd