|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-01-14 | |
| Rule Name: | Fastjson 1.2.68 MySQL Connector 5.1.x JDBC4Connection Deserialization Remote Code Exection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Fastjson is a high-performance Java language JSON processor developed by Alibaba. Fastjson 1.2.68 bypasses checkAutotype with java.lang.AutoCloseable, which in conjunction with the JDBC4Connection class causes MySQL Connector version 5.1.x to be deserialized, resulting in remote arbitrary code execution. | |
| Impact: | An attacker can carefully construct malicious serialized data and pass it to the application, and execute the malicious code constructed by the attacker when the application deserializes the object. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |