CNVD-2022-51879
PUBLISHED
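Fastjson is a fast Java-based JSON parser/generator. Versions of Fastjson before 1.2.83 contain a security vulnerability: the default restriction that keeps autoType disabled is easily bypassed, allowing untrusted data to be deserialized, and an attacker can exploit this to achieve code execution.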
Exploit Intelligence
- nerowander/CVE-2022-25845-exploit (github-poc-repo)
- a scenario based on CVE-2022-25845 yielding a TP for metadata based SCA but a FN if the callgraph is used (github-poc-repo)
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env! (github-poc-repo)
- exploit by python (github-poc-repo)
- cuijiung/fastjson-CVE-2022-25845 (github-poc-repo)
…and 16 more exploits
Timeline
- CVE Published