A flaw was found in com.alibaba:fastjson, a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.
A flaw was found in com.alibaba:fastjson, a fast JSON parser/generator for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.
Users who can not upgrade to the fixed version may enable safeMode; this completely disables the autoType function and eliminates the vulnerability risk. [https://github.com/alibaba/fastjson/wiki/fastjson_safemode]