Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fastjson vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-18349
parseObject in Fastjson prior to 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote malicious users to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the ...
Pippo Pippo 1.11.0
Alibaba Fastjson
7 Github repositories
6.8
CVSSv2
CVE-2022-25845
The package com.alibaba:fastjson prior to 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If ...
Alibaba Fastjson
Oracle Communications Cloud Native Core Unified Data Repository 22.2.0
3 Github repositories
NA
CVE-2024-29433
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows malicious users to execute arbitrary commands via supplying crafted data.
NA
CVE-2024-23052
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote malicious user to execute arbitrary code via the parseObject() function in the fastjson component.
NA
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions before 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some ...
Apache Dubbo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started