Fastjson

Fastjson 1.2.60 and Earlier Remote Code Execution Vulnerability Threat Alert

October 2, 2019

1 Vulnerability Description

On September 18, a security researcher submitted Fastjson remediation code on Alibaba’s official GitHub to prevent new exploits of the Fastjson deserialization remote code execution vulnerability. An attacker could exploit this vulnerability to remotely execute malicious code to compromise the server.

Fastjson Remote Denial-of-Service Vulnerability Threat Alert

September 30, 2019

1 Vulnerability Description

Recently, multiple versions of fastjson have been found to contain a remote denial-of-service (DoS) vulnerability. An attacker could exploit a flaw in the processing logic of fastjson to exhaust the memory and CPU resources of the server via a maliciously crafted JSON string, leading to a denial of service.

Fastjson Remote Code Execution Vulnerability Threat Alert

July 23, 2019

Overview

Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option.