Tagged articles
5 articles
Java Architect Essentials
Jun 1, 2022 · Information Security

Fastjson 1.2.80 and Earlier Vulnerability: Risks, Affected Versions, and Upgrade Recommendations

Fastjson versions up to 1.2.80 contain a deserialization vulnerability that can bypass autoType restrictions, posing significant remote attack risk; users are advised to upgrade to the latest 1.2.83 release, enable safeMode or use the noneautotype builds, and consider migrating to Fastjson 2.0 for enhanced security.

Java Security · Library Upgrade · SafeMode
Programmer DD
May 25, 2022 · Information Security

Critical Fastjson Deserialization Flaw Fixed – What You Need to Know

Fastjson versions up to 1.2.80 contain a deserialization flaw that can bypass the default autoType restriction, but the issue is mitigated by safeMode; the Fastjson team has released patches, recommending upgrades to 1.2.83, enabling safeMode, or migrating to Fastjson v2 for enhanced security.

Java Security · SafeMode · Version Upgrade
Java Architecture Diary
May 24, 2022 · Information Security

Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems

A critical deserialization flaw in Fastjson versions up to 1.2.80 allows attackers to bypass autoType restrictions and achieve remote code execution, affecting Spring Cloud Alibaba Sentinel users. Mitigation steps and version-specific fixes are detailed for both open‑source and commercial releases.

Remote Code Execution · Security Patch · Spring Cloud Alibaba Sentinel
Programmer DD
Jan 17, 2022 · Information Security

Critical Apache Dubbo CVE-2021-43297 Vulnerability: Risks and Fixes

On January 14, 2022, 360CERT reported CVE‑2021‑43297, a high‑severity deserialization flaw in Apache Dubbo’s hessian‑lite (up to version 3.2.11) that can lead to remote code execution. The report details its impact, affected versions, and risk rating, and recommends immediate upgrades to safe releases.

Apache Dubbo · CVE-2021-43297 · Remote Code Execution