[Vulnerability Warning] Fastjson <1.2.51 Deserialization Vulnerability

2019-08-02 11:27:45
Dear user,

On July 10, 2019, it was disclosed that Fastjson versions earlier than 1.2.51 contain a remote code execution vulnerability. A server running any service that uses an affected Fastjson version can be compromised directly, so an immediate fix is required.

[Vulnerability Description]

The vulnerability affects versions of the open source software Fastjson lower than 1.2.51. When a malicious user constructs and sends a malicious request, arbitrary code is executed as Fastjson deserializes the data.

[Vulnerability Rating]

High Risk

[Affected Versions]

Fastjson < 1.2.51

[Security Fix Recommendation]

Upgrade Fastjson to the latest version, 1.2.58.
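
To locate copies that still fall in the affected range, the following added example (not part of the original advisory) scans a directory tree for JAR, WAR and EAR files and reports any Fastjson below 1.2.51, whether it appears as a file name, as a library nested in a larger archive, or in Maven metadata. The metadata path `META-INF/maven/com.alibaba/fastjson/pom.properties` and all function names are assumptions of this example.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 2, 51)  # first version outside the advisory's "< 1.2.51" range
# Matches fastjson-<version>.jar as a file name or as an entry nested in a fat JAR/WAR.
JAR_RE = re.compile(r"(?:^|/)fastjson-(\d+(?:\.\d+)+)[^/]*\.jar$")
# Assumed standard Maven metadata path; usually kept when Fastjson is shaded into another JAR.
POM_PROPS = "META-INF/maven/com.alibaba/fastjson/pom.properties"

def is_affected(version):
    """Compare numerically, so 1.2.9 < 1.2.51 (a string compare gets this wrong)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return bool(m) and tuple(int(p) for p in m.group().split(".")) < FIXED

def versions_in_archive(path):
    """Return every Fastjson version visible by name or metadata in one archive."""
    found = set()
    m = JAR_RE.search(Path(path).name)
    if m:
        found.add(m.group(1))
    try:
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                m = JAR_RE.search(name)
                if m:
                    found.add(m.group(1))
                elif name == POM_PROPS:
                    text = zf.read(name).decode("utf-8", "replace")
                    found.update(l.split("=", 1)[1].strip()
                                 for l in text.splitlines() if l.startswith("version="))
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: keep whatever the file name told us
    return found

def scan(root):
    """Return sorted (path, version) pairs for Fastjson copies below 1.2.51."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".jar", ".war", ".ear"):
            hits += [(str(path), v) for v in versions_in_archive(path) if is_affected(v)]
    return sorted(hits)

if __name__ == "__main__":
    for jar, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED fastjson {version}: {jar}")
```

Run it against the application or deployment directory; an empty result means no affected copy was identified by name or metadata, not that none exists under a renamed or repackaged class set.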

[Reference Link]


JD Cloud team

