Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default `autoType` shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. How to fix Deserialization of Untrusted Data? Upgrade `com.alibaba:fastjson` to version 1.2.83 or higher.	[,1.2.83)
H Deserialization of Untrusted Data com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Fastjson uses a black and white list method to prevent deserialization vulnerabilities. As a result, when attackers continue to discover new deserialization gadgets, it is still possible to bypass the black and white list defense mechanism when `autoType` is closed, resulting in a remote command execution vulnerability. How to fix Deserialization of Untrusted Data? Upgrade `com.alibaba:fastjson` to version 1.2.69 or higher.	[,1.2.69)
C Remote Code Execution com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Remote Code Execution. It allows remote attackers to execute arbitrary code via a crafted JSON request, as it did not properly deserialise object arrays when parsing JSON objects. How to fix Remote Code Execution? Upgrade `com.alibaba:fastjson` to version 1.2.25 or higher.	[,1.2.25)

Go back to all versions of this package