Lucene search
Veracode Vulnerability DatabaseVERACODE:3663HistoryMar 16, 2017 - 7:44 a.m.
Remote Code Execution (RCE)
2017-03-1607:44:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.322 Low
EPSS
Percentile
97.0%
Fastjson is vulnerable to remote code execution (RCE) attacks. This is because it does not properly deserialize object arrays when parsing JSON objects. Note please upgrade to version 1.2.28 or higher because of compatibility issues, though it was fixed in 1.2.25.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fastjson1-compatible | le | 1.2.24 | |
| pippo fastjson | eq | 1.11.0 |
Related
nvd
nvd
CVE-2017-18349
2018-10-23 20:29:00
gitlab
gitlab
Improper Input Validation
2018-10-23 00:00:00
github
github
Improper Input Validation in alilibaba:fastjson
2018-10-24 19:42:03
osv
osv
CVE-2017-18349
2018-10-23 20:29:00
Improper Input Validation in alilibaba:fastjson
2018-10-24 19:42:03
cvelist
cvelist
CVE-2017-18349
2022-10-03 16:23:15
prion
prion
Cross site request forgery (csrf)
2018-10-23 20:29:00
cve
cve
CVE-2017-18349
2022-10-03 16:23:15