alibaba / fastjson

FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.
https://github.com/alibaba/fastjson2/wiki/fastjson_1_upgrade_cn
Apache License 2.0

Does version 1.1.XX have this vulnerability? #4154

Open Gxiaoyadan opened 2 years ago

Gxiaoyadan commented 2 years ago

Does version 1.1.XX have this vulnerability?

sunziren commented 2 years ago

Same question.

Pozz-Li commented 2 years ago

You can check the mvn repository; it is disclosed there. Find the version your project uses and look it up: https://mvnrepository.com/artifact/com.alibaba/fastjson

Gxiaoyadan commented 2 years ago

You can check the mvn repository; it is disclosed there. Find the version your project uses and look it up: https://mvnrepository.com/artifact/com.alibaba/fastjson

I could not find this deserialization vulnerability in the mvn repository.

wenshao commented 2 years ago

https://github.com/alibaba/fastjson/wiki/security_update_20220523

If you are worried about compatibility issues, you can consider 1.2.8_noneautotype https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.8_noneautotype/