|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-02-18 | |
| Rule Name: | Fastjson 1.2.68 Deserialization Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Fastjson is a high-performance Java language JSON processor developed by Alibaba, which is used to serialize Java classes to JSON format, and can also deserialize JSON strings to Java classes. Fastjson 1.2.68 can bypass checkAutotype with java.lang.AutoCloseable, which in conjunction with the ByteArrayOutputStream class causes deserialization, resulting in remote arbitrary code execution. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |