deserialization vulnerability

Java Architect Essentials

Jun 1, 2022 · Information Security

Fastjson 1.2.80 and Earlier Vulnerability: Risks, Affected Versions, and Upgrade Recommendations

Fastjson versions up to 1.2.80 contain a deserialization vulnerability that can bypass autoType restrictions, posing significant remote attack risk; users are advised to upgrade to the latest 1.2.83 release, enable safeMode or use the noneautotype builds, and consider migrating to Fastjson 2.0 for enhanced security.

Java securityLibrary Upgradedeserialization vulnerability

0 likes · 5 min read

Fastjson 1.2.80 and Earlier Vulnerability: Risks, Affected Versions, and Upgrade Recommendations

Java Architecture Diary

May 24, 2022 · Information Security

Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems

A critical deserialization flaw in Fastjson versions up to 1.2.80 allows attackers to bypass autoType restrictions and achieve remote code execution, affecting Spring Cloud Alibaba Sentinel users, with mitigation steps and version-specific fixes detailed for both open‑source and commercial releases.

Open SourceRemote Code ExecutionSpring Cloud Alibaba Sentinel

0 likes · 2 min read

Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems

Architect's Tech Stack

Feb 15, 2020 · Information Security

Apache Dubbo Deserialization Vulnerability (CVE-2019-17564): Principle, Affected Versions, and Protection Measures

The article explains the deserialization vulnerability (CVE-2019-17564) in Apache Dubbo when using HTTP, lists the impacted 2.5.x, 2.6.x, and 2.7.x versions, and provides mitigation steps including upgrading to 2.7.5 and applying Huawei Cloud WAF rules.

Apache DubboCVE-2019-17564Java RPC

0 likes · 3 min read

Apache Dubbo Deserialization Vulnerability (CVE-2019-17564): Principle, Affected Versions, and Protection Measures