|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-02-18 | |
| Rule Name: | Fastjson 1.2.68 BOMInputStream Deserialization Arbitrary File Reading Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Fastjson is a high-performance Java language JSON processor developed by Alibaba, which is used to serialize Java classes to JSON format, and can also deserialize JSON strings to Java classes. The deserialization vulnerability in Fastjson 1.2.68 allows an attacker to deserialize the BOMInputStream class, resulting in arbitrary code execution. | |
| Impact: | An attacker can carefully construct malicious serialized data and pass it to the application, and execute the malicious code constructed by the attacker when the application deserializes the object. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |