Filtered by vendor Alibaba Subscriptions
Filtered by product Fastjson Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25845 3 Alibaba, Oracle, Redhat 3 Fastjson, Communications Cloud Native Core Unified Data Repository, Jboss Fuse 2024-11-21 8.1 High
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVE-2017-18349 2 Alibaba, Pippo 2 Fastjson, Pippo 2024-11-21 N/A
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.