Alibaba fastJSON 1.1.20

CPE Details

Alibaba fastJSON 1.1.20
1.1.20
2019-07-29 10h39 +00:00
2019-07-29 10h39 +00:00

CPE Name: cpe:2.3:a:alibaba:fastjson:1.1.20:*:*:*:*:*:*:*

Information

Vendor: alibaba
Product: fastjson
Version: 1.1.20

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2022-25845 | 2022-06-10 20h05 +00:00 | The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). | 9.8 | Critical |
| CVE-2017-18349 | 2018-10-23 20h00 +00:00 | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | 9.8 | Critical |