237 matches found

BDU FSTEC
added 2022/06/21 12:00 a.m., 6 views

The vulnerability of the AutoTypeCheck mechanism in the Fastjson programming language library allows a perpetrator to execute arbitrary code.

The vulnerability of the AutoTypeCheck mechanism in the Fastjson programming language library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.17767
Exploits 5, References 8, Affected Software 1
hivepro
added 2022/06/20 7:01 a.m., 16 views

Deserialization of untrusted data by Fastjson library leads to RCE

Threat Level: Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: Applications using the Fastjson java library are impacted by a remote code execution vulnerability...

AI score 4.4
Exploits 0
The Hacker News
added 2022/06/16 8:25 a.m., 57 views

High-Severity RCE Vulnerability Reported in Popular Fastjson Library

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of...

AI score 2.9, EPSS 0.17767
Exploits 5
vulnersOsv
added 2022/06/11 12:00 a.m., 4 views

ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +12039 more potentially affected by CVE-2022-25845 via com.alibaba:fastjson (>=1.2.25 <=1.2.80)

com.alibaba:fastjson MAVEN version =1.2.25, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.1.1, =2.1.0, =2.1.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =j11.2.6.0 and more. Source cves: CVE-2022-25845. Source advisory: OSV:GHSA-PV7H-HX5H-M...

CVSS 9.8, AI score 7.4, EPSS 0.17767
Exploits 5
ATTACKERKB
added 2022/06/10 8:00 p.m., 2 views

CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

CVSS 9.8, AI score 7.3, EPSS 0.17767
Exploits 5, References 8
CNNVD
added 2022/06/10 12:00 a.m., 9 views

Fastjson code issue vulnerability

Fastjson is a Java-based fast JSON parser/generator. Versions prior to Fastjson 1.2.83 have a security vulnerability that stems from the ease of bypassing the default autoType-off restriction to deserialize untrusted data, which attackers exploit to cause code execution...

CVSS 9.8, AI score 5.9, EPSS 0.17767
Exploits 5, References 9
GitLab Advisory Database
added 2022/06/10 12:00 a.m., 44 views

Unsafe deserialization in com.alibaba:fastjson

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

CVSS 9.8, AI score 6.1, EPSS 0.17767
Exploits 5, References 8, Affected Software 1
vulnersOsv
added 2022/06/06 4:21 p.m., 4 views

ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +12735 more potentially affected by CVE-2022-25845 via com.alibaba:fastjson (>=1.1.15 <=1.2.80)

com.alibaba:fastjson MAVEN version =1.1.15, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.1.1, =2.1.0, =2.1.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =j11.2.6.0 and more. Source cves: CVE-2022-25845. Source advisory:...

CVSS 9.8, AI score 7.4, EPSS 0.17767
Exploits 5
Snyk
added 2022/06/06 4:21 p.m., 4 views

Deserialization of Untrusted Data

Overview: com.alibaba:fastjson is a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows...

CVSS 9.8, AI score 6.9, EPSS 0.17767
Exploits 5, References 2
CNVD
added 2022/05/23 12:00 a.m., 57 views

Fastjson Remote Code Execution Vulnerability (CNVD-2022-40233)

Fastjson is an open source JSON parsing library; it can parse JSON format strings, supports serializing Java Beans to JSON strings, and can also deserialize JSON strings to JavaBeans. Fastjson has a remote code execution vulnerability that can be exploited by an attacker to bypass the...

AI score 8.1
Exploits 0, References 1
Positive Technologies
added 2022/05/06 12:00 a.m., 4 views

PT-2022-2951

Name of the Vulnerable Software and Affected Versions: com.alibaba:fastjson versions prior to 1.2.83. Description: The vulnerability is related to the deserialization of untrusted data by bypassing the default autoType shutdown restrictions in the Fastjson library. This can be exploited under certai...

CVSS 10, AI score 7.5, EPSS 0.17767
Exploits 5, References 25
Kitploit
added 2022/02/25 11:30 a.m., 304 views

JNDI-Injection-Exploit - A Tool Which Generates JNDI Links Can Start Several Servers To Exploit JNDI Injection Vulnerability

JNDI-Injection-Exploit is a tool for generating workable JNDI links and providing background services by starting an RMI server, LDAP server and HTTP server. The RMI server and LDAP server are based on marshals and modified further to link with the HTTP server. Using this tool allows you to get JNDI links; you ca...

AI score 7.3
Exploits 0, References 6
Gitee
added 2021/11/08 5:05 p.m., 9 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840: analysis and reproduction environment code for the Jackson-databind remote code execution vulnerability (CVE-2020-8840). The project includes: payloads for jackson-databind and Fastjson, a WebServer malicious class, and a pre-built marshalsec-0.0.3-SNAPSHOT-all.jar. Vulnerability overview: in the Jackson-databind remote code execution vulnerability (CVE-2020-8840), an attacker can use the xbean-reflect gadget chain (org.apache.xbean.propertyeditor.JndiConverter) to trigger JNDI remote class loading and thereby achieve remote code execution....

CVSS 9.8, AI score 8.9, EPSS 0.26587
Exploits 5
Gitee
added 2021/09/26 9:35 a.m., 7 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...

CVSS 9.8, AI score 6.9, EPSS 0.99686
Exploits 74
seebug.org
added 2021/07/30 12:00 a.m., 206 views

MCMS fastjson parsing RCE vulnerability

...

AI score 0.9
Exploits 0
Gitee
added 2021/07/03 7:43 p.m., 4 views

vulhub

This repository is an offensive tool for a collection of vulnerable environments and applications, referred to as "Vulhub". It is a collection of Docker images and scripts that simulate various web applications and systems with known vulnerabilities, allowing users to practice and learn about...

AI score 7
Exploits 0
Hacker One
added 2020/12/04 4:48 p.m., 102 views

GitHub Security Lab: Java: add fastjson detection. Improve RemoteFlowSource class, support SpringMvc

This bug was reported directly to GitHub Security Lab...

AI score 2.2
Exploits 0
Veracode
added 2020/10/16 7:31 a.m., 8 views

Arbitrary Code Execution

Fastjson is vulnerable to arbitrary code execution. A deserialization vulnerability exists within the JSON parser and allows the attacker to execute arbitrary code on the host OS...

AI score 6.2
Exploits 0
Gitee
added 2020/10/02 7:57 p.m., 2 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and demonstrating vulnerabilities. The repository contains a variety of vulnerable environments, including ones for Flask, Apache, and Jenkin...

AI score 7.1
Exploits 0
ossfuzz
added 2020/08/13 5:26 a.m., 14 views

fastjson:fuzz: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6259722731388928. Project: fastjson. Fuzzing Engine: libFuzzer. Fuzz Target: fuzz. Job Type: libfuzzerasanfastjson. Platform Id: linux. Crash Type: UNKNOWN READ. Crash Address: 0x000000039118. Crash State: NULL. Sanitizer: address (ASAN). Recommended Securit...

AI score 6.8
Exploits 0, Affected Software 1