CVE-2022-25845

Published
View on NVD ↗
CVSS v3
8.1
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

alibaba/fastjson
alibaba/fastjson
FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.
GitHubGitHub
25.6K