Lucene search

237 matches found

CNVD
added 2019/07/11 12:00 a.m., 3 views

Fastjson Remote Code Execution Vulnerability (CNVD-2019-22238)

Fastjson is an open source JSON parsing library. It can parse JSON-format strings, serialize Java Beans to JSON strings, and deserialize JSON strings to JavaBeans. Fastjson has a remote code execution vulnerability that can be exploited by an attacker via a carefully...

8.2 AI score
Exploits: 0, References: 1
myhack58
added 2019/03/13 12:00 a.m., 86 views

.NET advanced code audit (third class): Fastjson deserialization vulnerability - vulnerability warning - the black bar safety net

In Java, Fastjson has had multiple deserialization vulnerabilities and version bypasses disclosed, and the .NET world also has a Fastjson library. Its author officially states that it is the most efficient .NET component for reading and writing JSON; the built-in method JSON.ToJSON can quickly serialize .NET objects. Let you easily achieve .NET of all...

0.3 AI score
Exploits: 0
OSV
added 2018/10/24 7:42 p.m., 4 views

GHSA-XJRR-XV9M-4PW5 Improper Input Validation in alibaba:fastjson

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

9.8 CVSS, 7.6 AI score, 0.3897 EPSS
Exploits: 2, References: 7
vulnersOsv
added 2018/10/24 7:42 p.m., 7 views

io.andromeda:lyricist (>=0.2.3 <=0.2.4), io.andromeda:lyricist-demo (=0.2.3) +5 more potentially affected by CVE-2017-18349 via ro.pippo:pippo-fastjson (>=0.4.0 <=0.9.1)

ro.pippo:pippo-fastjson MAVEN version =0.4.0, =0.2.3, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: CVE-2017-18349 Source advisory: OSV:GHSA-XJRR-XV9M-4PW5...

10 CVSS, 7.2 AI score, 0.3897 EPSS
Exploits: 2
vulnersOsv
added 2018/10/24 7:42 p.m., 6 views

cc.kebei:onion-easy-orm (=3.0.0), cc.kebei:onion-easy-orm-core (=3.0.0) +1362 more potentially affected by CVE-2017-18349 via com.alibaba:fastjson (>=1.1.15 <=1.2.30)

com.alibaba:fastjson MAVEN version =1.1.15, =1.1.6, =1.0.0, =1.0, =1.0.0, =1.0.0, =6.1.7, =6.2.08, =6.1.0, =6.1.7, =6.1.0, =6.2.09 and more Source cves: CVE-2017-18349 Source advisory: OSV:GHSA-XJRR-XV9M-4PW5...

10 CVSS, 7.7 AI score, 0.3897 EPSS
Exploits: 2
CNVD
added 2018/10/24 12:00 a.m., 4 views

Pippo FastjsonEngine Fastjson Arbitrary Code Execution Vulnerability

Pippo is a Java-based web framework. FastjsonEngine is one of its JSON processing engines. Fastjson is a Java-based JSON parser/generator. The parseObject method in Fastjson versions before 1.2.25, as used by FastjsonEngine in Pippo 1.11.0, has a security vulnerability. A remote attacker ca...

10 CVSS, 9.6 AI score, 0.3897 EPSS
Exploits: 2, References: 1
OSV
added 2018/10/23 8:29 p.m., 22 views

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

9.8 CVSS, 9.6 AI score
Exploits: 0, References: 3
NVD
added 2018/10/23 8:29 p.m., 29 views

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10 CVSS, 9.6 AI score, 0.3897 EPSS
Exploits: 2, References: 3
Prion
added 2018/10/23 8:29 p.m., 13 views

Cross site request forgery (csrf)

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10 CVSS, 9.6 AI score, 0.3897 EPSS
Exploits: 2, References: 3, Affected Software: 2
Cvelist
added 2018/10/23 8:00 p.m., 24 views

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

9.6 AI score, 0.3897 EPSS
Exploits: 2, References: 3
CVE
added 2018/10/23 8:00 p.m., 265 views

CVE-2017-18349

The CVE-2017-18349 entry describes Fastjson before 1.2.25 enabling remote code execution when used by Pippo 1.11.0 via a crafted JSON payload. The Nuclei template confirms the vulnerability is an insecure deserialization in FastjsonEngine where a crafted rmi:// URI in dataSourceName of an HTTP PO...

10 CVSS, 9.5 AI score, 0.3897 EPSS
In wild, Exploits: 2, References: 3, Affected Software: 2
GitLab Advisory Database
added 2018/10/23 12:00 a.m., 26 views

Improper Input Validation

Fastjson allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java...

10 CVSS, 6.6 AI score, 0.3897 EPSS
Exploits: 2, References: 1, Affected Software: 1
Gitee
added 2018/08/10 5:44 p.m., 7 views

vulhub

This is a Docker Compose file for a vulnerability environment. It is a collection of services and their configurations that can be used to test and demonstrate various vulnerabilities. The file is written in YAML format and defines the services, their ports, and their dependencies. The services...

7.2 AI score
Exploits: 0
myhack58
added 2017/06/09 12:00 a.m., 88 views

In-depth understanding of the Java deserialization vulnerability - vulnerability warning - the black bar safety net

1. Java serialization and deserialization. Java serialization is the process of converting a Java object into a byte sequence so that it can easily be saved in memory, a file, or a database; the writeObject method of the ObjectOutputStream class implements serialization. Java deserialization refers to the sequenc...

Exploits: 0
myhack58
added 2017/03/31 12:00 a.m., 124 views

fastjson remote code execution vulnerability: technical analysis and protection solution - vulnerability warning - the black bar safety net

On March 15, 2017, fastjson officially released a security bulletin indicating that fastjson 1.2.24 and prior versions contain a high-risk remote code execution vulnerability. An attacker can use this vulnerability to remotely execute malicious code and intrude into the server...

1.2 AI score
Exploits: 0
Veracode
added 2017/03/16 7:44 a.m., 25 views

Remote Code Execution (RCE)

Fastjson is vulnerable to remote code execution (RCE) attacks. This is because it does not properly deserialize object arrays when parsing JSON objects. Note: please upgrade to version 1.2.28 or higher because of compatibility issues, though it was fixed in 1.2.25...

10 CVSS, 9.7 AI score, 0.3897 EPSS
Exploits: 2, References: 3, Affected Software: 2
seebug.org
added 2017/03/16 12:00 a.m., 87 views

fastjson < 1.2.24 remote code execution vulnerability

No description provided by source...

7.1 AI score
Exploits: 0