2 matches found
CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
PT-2024-22316
Name of the Vulnerable Software and Affected Versions turbo boost-commands versions prior to 0.1.3 turbo boost-commands versions prior to 0.2.2 Description TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the...