Description: Fastjson is a Java library that serializes Java objects into JSON and deserializes JSON strings back into Java objects. Versions before 1.2.24 contain a deserialization vulnerability: an attacker can craft JSON whose @type field names a dangerous class path, building a gadget chain from Spring Framework classes that leads to arbitrary code execution on the target server. Legitimate use of @type or Spring Framework classes in normal operations may trigger false positives; in that case, disabling this rule is recommended.
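The rule text above describes what is matched (an @type field carrying a Spring Framework class path) and warns about false positives. The following detector, added here as an illustration and not part of the original rule or of Fastjson, shows the same logic run over constructed request bodies: it walks parsed JSON for @type values at any nesting depth, falls back to a regex when the body is malformed or truncated, flags values under the `org.springframework.` package prefix, and accepts an allowlist so a deployment with legitimate Spring class references can tune the rule instead of disabling it. The class name `EXAMPLE_CLASS` is a placeholder, not a real gadget.

```python
"""Detection of Fastjson-style @type autotype abuse over JSON request bodies.

Added example. Assumptions (not from the original rule text): bodies arrive as
strings (e.g. from a WAF or access log), and the suspicious package prefix is
"org.springframework.". EXAMPLE_CLASS below is a placeholder class name.
"""
from __future__ import annotations

import json
import re

# Package prefixes the rule treats as dangerous when they appear in @type.
SUSPICIOUS_PREFIXES = ("org.springframework.",)

# Fallback matcher for bodies that json.loads rejects (truncated, trailing
# garbage, etc.); Fastjson may still have parsed enough of them to act on @type.
TYPE_KEY_RE = re.compile(r'"@type"\s*:\s*"([^"]*)"')


def find_type_values(body: str) -> list[str]:
    """Return every string value bound to an "@type" key anywhere in the body."""
    try:
        doc = json.loads(body)
    except ValueError:
        # Malformed JSON: do not give up, scan textually instead.
        return TYPE_KEY_RE.findall(body)

    found: list[str] = []
    stack = [doc]
    while stack:  # iterative walk so deep nesting cannot blow the recursion limit
        node = stack.pop()
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "@type" and isinstance(value, str):
                    found.append(value)
                stack.append(value)
        elif isinstance(node, list):
            stack.extend(node)
    return found


def classify(body: str, allowlist: tuple[str, ...] = ()) -> dict:
    """Evaluate one body against the rule.

    allowlist holds fully qualified class names a deployment legitimately
    deserializes; they are reported but never raise an alert.
    """
    types = find_type_values(body)
    suspicious = [
        t for t in types if t.startswith(SUSPICIOUS_PREFIXES) and t not in allowlist
    ]
    return {"type_fields": types, "suspicious": suspicious, "alert": bool(suspicious)}


# Constructed sample bodies (not captured traffic).
BENIGN = '{"name": "alice", "age": 30}'
APP_TYPE = '{"@type": "com.example.app.User", "name": "bob"}'
NESTED = '{"a": {"b": [{"@type": "org.springframework.EXAMPLE_CLASS", "x": 1}]}}'
TRUNCATED = '{"@type": "org.springframework.EXAMPLE_CLASS", "x": '

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("app @type", APP_TYPE),
                        ("nested", NESTED), ("truncated", TRUNCATED)]:
        print(f"{label:10} -> {classify(body)}")
    print("allowlisted ->", classify(NESTED, allowlist=("org.springframework.EXAMPLE_CLASS",)))
```

Applying the same prefix check to each @type value rather than to the raw body keeps an application's own `com.example.*` types from alerting, which is the false-positive case the rule description calls out; the allowlist covers the remaining case where Spring types are genuinely deserialized.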