2.0.53
12 years ago
3 months ago
Known vulnerabilities in the com.alibaba:fastjson package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default How to fix Deserialization of Untrusted Data? Upgrade | [,1.2.83) |
com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Fastjson uses a black and white list method to prevent deserialization vulnerabilities. As a result, when attackers continue to discover new deserialization gadgets, it is still possible to bypass the black and white list defense mechanism when How to fix Deserialization of Untrusted Data? Upgrade | [,1.2.69) |
com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Remote Code Execution. It allows remote attackers to execute arbitrary code via a crafted JSON request, as it did not properly deserialise object arrays when parsing JSON objects. How to fix Remote Code Execution? Upgrade | [,1.2.25) |