[Vulnerability Warning] Fastjson <1.2.51 Deserialization Vulnerability

2019-08-02 11:27:45
Dear user,

On July 10, 2019, it was disclosed that Fastjson versions lower than 1.2.51 have a remote code execution vulnerability. If a service uses an affected Fastjson version, its server can be directly compromised, and an immediate fix is required.


[Vulnerability Description]

Versions of the open-source library Fastjson lower than 1.2.51 are affected. When a malicious user constructs and sends a malicious request, arbitrary code is triggered and executed while Fastjson deserializes the data.


[Vulnerability Rating]

High Risk


[Affected Versions]

Fastjson < 1.2.51


[Security Fix Recommendation]

Upgrade Fastjson to the latest version, 1.2.58.
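
To find which deployed artifacts still need this upgrade, the following added example (not part of the original notice and not Fastjson project code) inventories Fastjson copies inside a JAR or WAR, including libraries nested in fat JARs, and flags versions below 1.2.51. The function names, the sample archive layout and the reliance on the Maven `pom.properties` metadata path are assumptions made for this example.

```python
import io
import re
import zipfile

AFFECTED_BELOW = (1, 2, 51)  # advisory: Fastjson < 1.2.51 is affected
JAR_RE = re.compile(r"(?:^|/)fastjson-(\d+(?:\.\d+)*)[^/]*\.jar$")
# Assumption: Maven-built jars keep this metadata file even when renamed.
POM_PROPS = "META-INF/maven/com.alibaba/fastjson/pom.properties"

def is_affected(version):
    """True if a dotted numeric version such as '1.2.47' is below 1.2.51."""
    return tuple(int(p) for p in version.split(".")) < AFFECTED_BELOW

def find_fastjson(archive_bytes, prefix=""):
    """List (location, version, affected) for Fastjson copies, nested archives included."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            jar = JAR_RE.search(name)
            version = jar.group(1) if jar else None  # usual file name
            if name == POM_PROPS:  # metadata inside a renamed or shaded jar
                found = re.search(rb"^version=(\d+(?:\.\d+)*)", zf.read(name), re.M)
                version = found.group(1).decode() if found else None
            elif not jar and name.endswith((".jar", ".war")):
                try:
                    hits += find_fastjson(zf.read(name), prefix + name + "!/")
                except zipfile.BadZipFile:
                    pass  # not a readable archive, nothing to inspect
            if version:
                hits.append((prefix + name, version, is_affected(version)))
    return hits

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: old copy, fixed copy in a nested WAR, renamed old copy.
SAMPLE = make_zip({
    "BOOT-INF/lib/fastjson-1.2.47.jar": b"",
    "BOOT-INF/lib/admin.war": make_zip({"WEB-INF/lib/fastjson-1.2.58.jar": b""}),
    "BOOT-INF/lib/vendor-json.jar": make_zip({POM_PROPS: b"version=1.2.24\n"}),
})

if __name__ == "__main__":
    print(*find_fastjson(SAMPLE), sep="\n")
```

Copies whose classes were merged into another jar with the Maven metadata stripped are not detected by this check and need a class-level scan.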


[Reference Link]

https://github.com/alibaba/fastjson/wiki/update_faq_20190722


JD Cloud team
