Lucene search
MitreCVELIST:CVE-2017-18349HistoryOct 03, 2022 - 4:23 p.m.
CVE-2017-18349
2022-10-0316:23:15
mitre
www.cve.org
fastjson
pippo
remote code execution
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
Related
veracode
veracode
Remote Code Execution (RCE)
2017-03-16 07:44:26
nvd
nvd
CVE-2017-18349
2018-10-23 20:29:00
gitlab
gitlab
Improper Input Validation
2018-10-23 00:00:00
github
github
Improper Input Validation in alilibaba:fastjson
2018-10-24 19:42:03
osv
osv
CVE-2017-18349
2018-10-23 20:29:00
Improper Input Validation in alilibaba:fastjson
2018-10-24 19:42:03
prion
prion
Cross site request forgery (csrf)
2018-10-23 20:29:00
cve
cve
CVE-2017-18349
2022-10-03 16:23:15