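Fastjson is a high-performance, full-featured JSON library written in Java. It uses an "assume ordered, fast match" algorithm to push JSON parsing performance to the limit, and is currently the fastest JSON library for Java. Fastjson's API is simple and easy to use, and it is widely used in scenarios such as cache serialization, protocol interaction, web output, and Android clients. Recently, the Baimaohui (白帽汇) Security Research Institute observed that the fastjson maintainers released a new version that fixes a deserialization remote code execution vulnerability. A remote attacker can exploit this vulnerability to bypass the autoType restriction and then execute arbitrary commands on the target server. Given the vulnerability's significant impact, customers are advised to check their own systems and apply the fix as soon as possible. Vulnerability description.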
[Security Advisory] fastjson Remote Code Execution Vulnerability