Fastjson 1.2.62 and Earlier Remote Code Execution Vulnerability Threat Alert
Vulnerability Description On February 19, National Vulnerability Database (NVD) released a JNDI injection vulnerability (CVE-2020-8840) in jackson-databind. However, gadget deserialization in jackson-databind also affects Fastjson. According to researchers from NSFOCUS, when the AutoType fucntion is enabled (disabled by default), this vulnerability affects Fastjson 1.2.62, allowing attackers to result in remote arbitrary code execution on the […]