com.alibaba:fastjson@1.2.62_noneautotype vulnerabilities

latest version

2.0.48
latest non vulnerable version

2.0.48
first published

12 years ago
latest version published

23 days ago
licenses detected
- Apache-2.0
  [1.1.15,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.alibaba:fastjson package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default `autoType` shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. How to fix Deserialization of Untrusted Data? Upgrade `com.alibaba:fastjson` to version 1.2.83 or higher.	[,1.2.83)
H Deserialization of Untrusted Data com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Fastjson uses a black and white list method to prevent deserialization vulnerabilities. As a result, when attackers continue to discover new deserialization gadgets, it is still possible to bypass the black and white list defense mechanism when `autoType` is closed, resulting in a remote command execution vulnerability. How to fix Deserialization of Untrusted Data? Upgrade `com.alibaba:fastjson` to version 1.2.69 or higher.	[,1.2.69)

Deserialization of Untrusted Data

com.alibaba:fastjson is a fast JSON parser/generator for Java.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers.

How to fix Deserialization of Untrusted Data?

Upgrade com.alibaba:fastjson to version 1.2.83 or higher.

[,1.2.83)

Deserialization of Untrusted Data

com.alibaba:fastjson is a fast JSON parser/generator for Java.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Fastjson uses a black and white list method to prevent deserialization vulnerabilities. As a result, when attackers continue to discover new deserialization gadgets, it is still possible to bypass the black and white list defense mechanism when autoType is closed, resulting in a remote command execution vulnerability.

How to fix Deserialization of Untrusted Data?

Upgrade com.alibaba:fastjson to version 1.2.69 or higher.

[,1.2.69)

Go back to all versions of this package

com.alibaba:fastjson@1.2.62_noneautotype vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities