2 matches found
CVE-2017-18349
The CVE-2017-18349 entry describes Fastjson before 1.2.25 enabling remote code execution when used by Pippo 1.11.0 via a crafted JSON payload. The Nuclei template confirms the vulnerability is an insecure deserialization in FastjsonEngine where a crafted rmi:// URI in dataSourceName of an HTTP PO...
CVE-2022-25845
CVE-2022-25845 affects Alibaba Fastjson prior to 1.2.83. The root cause is a bypass of the default autoType shutdown restrictions during deserialization of untrusted data, allowing attacker-controlled payloads to trigger deserialization. The impact is described as remote attack potential on vulne...