Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Fastjson 安全漏洞
Vulnerability Description
Fastjson是Alibaba开源的一款基于Java的快速JSON解析器/生成器。 Fastjson 1.2.48之前版本存在安全漏洞,该漏洞源于自动类型处理不当,可能导致JNDI注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A