Java Architecture Diary
May 24, 2022 · Information Security
Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems
A critical deserialization flaw in Fastjson versions up to 1.2.80 allows attackers to bypass autoType restrictions and achieve remote code execution. Spring Cloud Alibaba Sentinel users are affected; mitigation steps and version-specific fixes are detailed for both open-source and commercial releases.