Vulnerabilities (CVE)

Filtered by vendor Alibaba Subscribe
Filtered by product Fastjson
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25845 2 Alibaba, Oracle 2 Fastjson, Communications Cloud Native Core Unified Data Repository 2024-11-21 6.8 MEDIUM 8.1 HIGH
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVE-2017-18349 2 Alibaba, Pippo 2 Fastjson, Pippo 2024-11-21 10.0 HIGH 9.8 CRITICAL
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.