zycgit
commented
4 years ago tks ,at new version Fastjson has been upgraded.
Closed xqc2000 closed 4 years ago
zycgit
commented
4 years ago tks ,at new version Fastjson has been upgraded.
The component FastjsonEngine converts a JSON string to an equivalent Java Object based on Fastjson(version 1.2.11); However,Fastjson version 1.2.24 and prior has a remote code execution vulnerability. for details,please refer to the links below: https://fortiguard.com/encyclopedia/ips/44059 http://xxlegend.com/2017/12/06/基于JdbcRowSetImpl的Fastjson%20RCE%20PoC构造与分析/ Upgrade to Fastjson version 1.2.45 or later can fix the issue.