CVE-2022-25845

Unsafe deserialization in com.alibaba:fastjson in maven/com.alibaba/fastjson

Identifiers

CVE-2022-25845, GHSA-pv7h-hx5h-mgfj

Package Slug

maven/com.alibaba/fastjson

Vulnerability

Unsafe deserialization in com.alibaba:fastjson

Description

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data: under certain conditions, the default autoType shutdown restrictions can be bypassed. Exploiting this vulnerability allows attacking remote servers. Workaround: if upgrading is not possible, enable safeMode.
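The workaround named in the description, enabling safeMode, as an added example that is not part of this advisory or of the fastjson project's own documentation. It assumes fastjson 1.2.68 or later on the classpath (the version that introduced safeMode); the class and the sample JSON strings are constructed for illustration. With safeMode on, fastjson refuses any "@type" key before any class lookup, independent of the autoType allow and deny lists, so polymorphic deserialization is switched off entirely rather than filtered.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.parser.ParserConfig;

// Added example (not from the advisory): turning on fastjson safeMode as the
// stated workaround when upgrading to 1.2.83 is not yet possible.
// Assumes fastjson 1.2.68+ is on the classpath.
public class FastjsonSafeModeDemo {

    // Enable safeMode on the global parser configuration. The JVM property
    // -Dfastjson.parser.safeMode=true has the same effect without a code change,
    // which is useful when the application cannot be rebuilt immediately.
    static void enableSafeMode() {
        ParserConfig.getGlobalInstance().setSafeMode(true);
    }

    // Constructed sample inputs. The "@type" key is the mechanism by which
    // untrusted JSON asks fastjson to instantiate a caller-chosen class; the
    // class name used here is a placeholder, not a real gadget.
    static final String TYPED_INPUT = "{\"@type\":\"com.example.Placeholder\",\"x\":1}";
    static final String PLAIN_INPUT = "{\"name\":\"alice\",\"age\":30}";

    // Returns true when the parser rejects the typed input, which is the
    // behaviour a deployment check should expect once safeMode is active.
    static boolean typedInputIsRejected() {
        try {
            JSON.parseObject(TYPED_INPUT);
            return false;
        } catch (JSONException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        enableSafeMode();
        System.out.println("safeMode enabled: " + ParserConfig.getGlobalInstance().isSafeMode());

        // Ordinary JSON without "@type" still parses normally under safeMode.
        System.out.println("plain input parsed: " + JSON.parseObject(PLAIN_INPUT));

        // Any "@type" key is now refused outright.
        System.out.println("typed input rejected: " + typedInputIsRejected());
    }
}
```

Enabling safeMode is a global setting: any legitimate use of "@type" in the application's own JSON (for example, polymorphic fields written with SerializerFeature.WriteClassName) stops working, so verify with a test like the one above that nothing in the codebase depends on it before rolling the workaround out, and still plan the upgrade to 1.2.83.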

Affected Versions

All versions before 1.2.83

Solution

Upgrade to version 1.2.83 or above.

Last Modified

2022-06-17
