Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2017-18349: parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | CVSS3: 9.8 | 91% Critical | more than 7 years ago |
| GHSA-xjrr-xv9m-4pw5: Improper Input Validation in alibaba:fastjson | CVSS3: 9.8 | 91% Critical | more than 7 years ago |