Описание
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable safeMode.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
8.1 High
CVSS3
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Уязвимость механизма AutoTypeCheck библиотеки языка программирования Java Fastjson, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3
9.8 Critical
CVSS3
6.8 Medium
CVSS2