8 matches found
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
CVE-2022-25845-In-Spring 主要依赖 1. jackson 2. commons-io 快...
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
json.org CVE-2022-45688 true & false positive WTF ?? The p...
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
CVE-2022-25845-exploit Try exploiting this CVE by studying so...
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 CVSS score: 8.1, the issue relates to a case of deserialization of...
ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +12039 more potentially affected by CVE-2022-25845 via com.alibaba:fastjson (>=1.2.25 <=1.2.80)
com.alibaba:fastjson MAVEN version =1.2.25, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.1.1, =2.1.0, =2.1.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =j11.2.6.0 and more Source cves: CVE-2022-25845 Source advisory: OSV:GHSA-PV7H-HX5H-M...
CVE-2022-25845 Deserialization of Untrusted Data
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
CVE-2022-25845
CVE-2022-25845 affects Alibaba Fastjson prior to 1.2.83. The root cause is a bypass of the default autoType shutdown restrictions during deserialization of untrusted data, allowing attacker-controlled payloads to trigger deserialization. The impact is described as remote attack potential on vulne...
ai.houyi:dorado (>=0.0.1 <=0.0.8), ai.houyi:dorado-core (>=0.0.11 <=0.0.51) +12735 more potentially affected by CVE-2022-25845 via com.alibaba:fastjson (>=1.1.15 <=1.2.80)
com.alibaba:fastjson MAVEN version =1.1.15, =0.0.1, =0.0.11, =0.0.16, =0.0.1, =0.0.14, =0.0.47, =0.0.14, =0.1.1, =2.1.0, =2.1.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =j11.2.6.0 and more Source cves: CVE-2022-25845 Source advisory:...