CVE-2022-25845
Severity: HIGH (CVSS 8.1)
Description
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: if upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVE Details
CVSS v3.1 Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Published: 6/10/2022
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
alibaba:fastjson
oracle:communications_cloud_native_core_unified_data_repository
Weaknesses (CWE)
CWE-502 (Deserialization of Untrusted Data)
References
https://github.com/alibaba/fastjson/releases/tag/1.2.83 (report@snyk.io, af854a3a-2127-422b-91ae-364da2661108)
https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/alibaba/fastjson/wiki/security_update_20220523 (af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222 (report@snyk.io, af854a3a-2127-422b-91ae-364da2661108)
https://www.ddosi.org/fastjson-poc/ (report@snyk.io, af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (report@snyk.io, af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.