Fastjson is vulnerable to remote code execution (RCE) attacks. This is because it does not properly deserialize object arrays when parsing JSON objects. Note please upgrade to version 1.2.28 or higher because of compatibility issues, though it was fixed in 1.2.25.
CPE | Name | Operator | Version |
---|---|---|---|
fastjson1-compatible | le | 1.2.24 | |
pippo fastjson | eq | 1.11.0 |