Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Alibaba Subscribe
Filtered by product Fastjson
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25845 2 Alibaba, Oracle 2 Fastjson, Communications Cloud Native Core Unified Data Repository 2023-02-23 6.8 MEDIUM 9.8 CRITICAL
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVE-2017-18349 2 Alibaba, Pippo 2 Fastjson, Pippo 2019-01-28 10.0 HIGH 9.8 CRITICAL
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.