fastjson deserialization RCE Vulnerability

Others 2019-10-18 13:25:00 views: null

Description: fastjson is well-written in a high-performance Java language features JSON library.

Vulnerability reasons: fastjson json parsing process, the supports used to instantiate a autoType a specific class, and to fill their attribute values json. JDK classes and comes com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImplin a private attribute _bytecodes, which is part of the method performs Java bytecode value included.

Vulnerabilities conditions:

  1. Fastjson target site using json parsing library
  2. When set to resolve Feature.SupportNonPublicField, or does not support incoming private property
  3. Jdk used in the presence of the target TemplatesImplclass

Guess you like

Origin www.cnblogs.com/zpchcbd/p/11697706.html
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com