Fastjson allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
CPE | Name | Operator | Version |
---|---|---|---|
maven/com.alibaba/fastjson | lt | 1.2.25 |
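
To check a build against the affected range in the table above, the following added example (not part of the advisory or of the Fastjson project) flags `com.alibaba:fastjson` versions below 1.2.25 declared in a Maven POM. The sample POM is constructed, the function names are hypothetical, and the check covers only dependencies and properties declared in that one file.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 2, 25)  # affected range on this page: fastjson lt 1.2.25
NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample POM (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><fastjson.version>1.2.9</fastjson.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.alibaba</groupId><artifactId>fastjson</artifactId>
      <version>${fastjson.version}</version>
    </dependency>
    <dependency><groupId>com.example</groupId><artifactId>demo-lib</artifactId><version>1.0.0</version></dependency>
  </dependencies>
</project>"""

def version_key(version):
    """Leading numeric components as a tuple, so 1.2.9 sorts below 1.2.25."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(version):
    return version_key(version) < FIXED

def find_affected_fastjson(pom_text):
    """Return declared fastjson versions in a POM that fall in the affected range."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    hits = []
    for dep in root.findall(".//m:dependency", NS):
        if (dep.findtext("m:groupId", "", NS).strip() != "com.alibaba"
                or dep.findtext("m:artifactId", "", NS).strip() != "fastjson"):
            continue
        version = dep.findtext("m:version", "", NS).strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:  # resolve a ${property} defined in the same POM
            version = props.get(ref.group(1), "")
        if not version or is_affected(version):  # unknown version is reported, not skipped
            hits.append(version or "unresolved")
    return hits
```

Versions are compared numerically per component because a plain string comparison would rank 1.2.9 above 1.2.25 and miss it.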