- EPSS 0.03%
- Veröffentlicht 09.01.2026 06:43:23
- Zuletzt bearbeitet 13.01.2026 14:03:46
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods...
CVE-2022-25845
- EPSS 89.92%
- Veröffentlicht 10.06.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:53:06
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking rem...
- EPSS 91.14%
- Veröffentlicht 23.10.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:54
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of ...