CVE-2022-25845: The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data, which is possible under certain conditions.


JSON Object Type Confusion

This vulnerability can be mitigated by upgrading to fastjson 1.2.83 or later.
The vulnerability can be avoided by deserializing the object using `.
- You can enable safemode by setting `safeJsonType to false and safeJsonPadding to `
- Another way to avoid this issue is to deserialize JSON data using `
- You can use a data type that is not vulnerable to this issue. For example, `
- You can disable auto type and choose your own data type.
- Be cautious when you receive large amounts of JSON data.
- Check your server certificate.
- Check your server configuration.
