Description: fastjson is a high-performance, full-featured JSON library written in Java.
Vulnerability cause: while parsing JSON, fastjson supports autoType, which instantiates a specified class and fills its attribute values from the JSON. The JDK ships the class com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl, which has a private attribute _bytecodes; some of the class's methods execute the Java bytecode contained in that attribute's value.
Vulnerability conditions:
- The target site uses the fastjson library to parse JSON
- Feature.SupportNonPublicField is set when parsing; otherwise incoming private attributes are not supported
- The JDK used by the target contains the TemplatesImpl class
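
The conditions above can be checked from inside an application. The following is an added example, not code from the original page or from the fastjson project: the class and method names are hypothetical, and it assumes fastjson 1.x is on the classpath in a release that provides ParserConfig.setSafeMode.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.Feature;
import com.alibaba.fastjson.parser.ParserConfig;

/** Hypothetical audit helper: reports the conditions listed above for this JVM. */
public class FastjsonExposureCheck {
    static final String TEMPLATES_IMPL =
        "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl";

    /** Condition: the JDK in use contains TemplatesImpl (loaded without initializing it). */
    static boolean templatesImplPresent() {
        try {
            Class.forName(TEMPLATES_IMPL, false, ClassLoader.getSystemClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    /** Condition: SupportNonPublicField is active, by default or for one parse call. */
    static boolean nonPublicFieldEnabled(Feature... callFeatures) {
        int mask = JSON.DEFAULT_PARSER_FEATURE;      // features applied to every parse
        for (Feature f : callFeatures) {
            mask |= f.getMask();                     // features added by this call
        }
        return (mask & Feature.SupportNonPublicField.getMask()) != 0;
    }

    /** Hardened parse: fixed target type, no extra features, so private fields stay unset. */
    static <T> T parseUntrusted(String body, Class<T> type) {
        return JSON.parseObject(body, type);
    }

    /** Global hardening; assumes the deployed release has safeMode, which turns autoType off. */
    static void harden() {
        ParserConfig.getGlobalInstance().setSafeMode(true);
    }

    public static void main(String[] args) {
        harden();
        System.out.println("TemplatesImpl present in JDK:      " + templatesImplPresent());
        System.out.println("SupportNonPublicField by default:  " + nonPublicFieldEnabled());
        // Constructed case: what a call site passing the feature would enable.
        System.out.println("SupportNonPublicField at call site: "
            + nonPublicFieldEnabled(Feature.SupportNonPublicField));
    }
}
```

Call sites that pass Feature.SupportNonPublicField for untrusted input are the ones to review first, since that flag is what lets incoming JSON populate private attributes.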