Tag

safeMode


Java Architect Essentials
Jun 1, 2022 · Information Security

Fastjson 1.2.80 and Earlier Vulnerability: Risks, Affected Versions, and Upgrade Recommendations

Fastjson versions up to 1.2.80 contain a deserialization vulnerability that can bypass autoType restrictions, posing significant remote attack risk; users are advised to upgrade to the latest 1.2.83 release, enable safeMode or use the noneautotype builds, and consider migrating to Fastjson 2.0 for enhanced security.

Java security · Library Upgrade · deserialization vulnerability
Full-Stack Internet Architecture
Jul 7, 2020 · Information Security

Understanding Fastjson AutoType and Its Security Implications

This article examines Fastjson's AutoType feature, explains how it works, demonstrates how it can lead to serious deserialization vulnerabilities, reviews the evolution of related security patches across versions, and provides guidance on safe usage and mitigation strategies.

AutoType · Security · deserialization
FunTester
Jun 1, 2020 · Information Security

Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations

Tencent Cloud Security reports that Fastjson versions up to 1.2.68 contain a high‑risk remote code execution vulnerability exploitable via the autotype feature, allowing attackers to gain server system privileges, and recommends immediate updates, enabling SafeMode, or replacing the library with alternatives such as Jackson‑databind or Gson.

Patch · Remote Code Execution · Security Vulnerability