Fastjson 是一个Java 语言编写的高性能功能完善的 JSON 库。 它采用一种“假定有序快速匹配”的算法,把 JSON Parse 的性能提升到极致,是目前 Java 语言中最快的 JSON 库。 Fastjson 接口简单易用,已经被广泛使用在缓存序列化、协议交互、Web 输出、Android 客户端等多种应用场景。 近日,白帽汇安全研究院监测到 fastjson 官方发布新版本,修补了一个反序列化远程代码执行漏洞。远程攻击者可利用该漏洞绕过 autoType 限制,进而可在目标服务器上执行任意命令。鉴于该漏洞影响较大,建议客户尽快自查修复。 漏洞描述.
Source link
RELATED STORIES
CVE-2020-8019
Detail
Current Description A UNIX Symbolic Link (Symlink) Following...
Executive Summary Informations Name CVE-2020-12414 First vendor Publication 2020-07-09 Vendor Cve Last vendor Modification 2020-07-09...
Executive Summary Informations Name CVE-2020-12404 First vendor Publication 2020-07-09 Vendor Cve Last vendor Modification 2020-07-09...
Popular media player application and OTT platform MX Player, that has over five hundred million...
App Hardening: Preventing Hackers from Accessing Your Code [Webinar Sign-up] | | IT Security News...
Google исправила 25 уязвимостей в Android 11:57 / 9 Июля, 2020 2020-07-09T12:57:47+03:00 Alexander Antipov Несколько...
Several critical remote code execution vulnerabilities were addressed in Android this week with the release...
Less than two weeks after patching a dangerous flaw in PAN-OS operating system Palo Alto...