exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-25845

больше 3 лет назад

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

CVSS3: 8.1

EPSS: Высокий

CVE-2022-25845

больше 3 лет назад

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

CVSS3: 8.1

EPSS: Высокий

GHSA-pv7h-hx5h-mgfj

больше 3 лет назад

Unsafe deserialization in com.alibaba:fastjson

CVSS3: 8.1

EPSS: Высокий

BDU:2022-03553

почти 4 года назад

Уязвимость механизма AutoTypeCheck библиотеки языка программирования Java Fastjson, позволяющая нарушителю выполнить произвольный код

CVSS3: 9.8

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-25845 The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).	CVSS3: 8.1	88% Высокий	больше 3 лет назад
CVE-2022-25845 The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).	CVSS3: 8.1	88% Высокий	больше 3 лет назад
GHSA-pv7h-hx5h-mgfj Unsafe deserialization in com.alibaba:fastjson	CVSS3: 8.1	88% Высокий	больше 3 лет назад
BDU:2022-03553 Уязвимость механизма AutoTypeCheck библиотеки языка программирования Java Fastjson, позволяющая нарушителю выполнить произвольный код	CVSS3: 9.8	88% Высокий	почти 4 года назад

Уязвимостей на страницу