|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-05-25 | |
| Rule Name: | Fastjson 1.2.80 Deserialization Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | FastJSON is a high-performance Java language JSON processor developed by Alibaba. Fastjson 1.2.80 and below have deserialization vulnerabilities. Fastjson has used the blocklist and allowlist for defensive derivative vulnerabilities, but under specific conditions, the default autoType closure limit can be bypassed. Attacking remote servers has a greater impact. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/LeadroyaL/fastjson-blacklist/pull/13/files https://github.com/alibaba/fastjson/wiki/fastjson_safemode |
|
| Solutions |
|---|
| Please refer to the following repair suggestions or official documentation to repair: https://github.com/alibaba/fastjson/wiki/security_update_20220523 |