PT-2022-2951 · Alibaba · Fastjson
Unknown · Published 2022-05-06 · Updated 2025-07-19 · CVE-2022-25845
CVSS v2.0: 10 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: com.alibaba:fastjson versions prior to 1.2.83

Description: The vulnerability concerns deserialization of untrusted data through a bypass of the default autoType shutdown restrictions in the Fastjson library. Under certain conditions it can be exploited to allow attackers to execute code remotely. The issue lies in Fastjson's AutoTypeCheck mechanism, which can lead to security problems during deserialization when the JSON is controlled by the user and AutoType is enabled.

Recommendations: For versions prior to 1.2.83, update to version 1.2.83 or later. As a temporary workaround, consider enabling safeMode, which disables the AutoType feature entirely and so closes this deserialization attack vector.
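The temporary workaround above, as an added example in Java that is not part of this advisory or of the Fastjson project: the global default (AutoType handled only by the AutoTypeCheck mechanism) beside safeMode, plus a constructed document carrying an "@type" hint so an operator can confirm the setting is actually in effect. The `UserProfile` class and the sample inputs are assumptions.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.parser.ParserConfig;

public class FastjsonSafeModeCheck {

    // Hypothetical application POJO used as the expected binding target.
    public static class UserProfile {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    public static void main(String[] args) {
        // Constructed sample inputs. The first carries Fastjson's "@type" key,
        // which is the hint the AutoType mechanism acts on; the second is plain.
        String withTypeHint = "{\"@type\":\"java.util.HashMap\",\"name\":\"alice\"}";
        String plain = "{\"name\":\"alice\"}";

        // Weak setting: leave the global ParserConfig at its defaults, so type
        // hints are evaluated by AutoTypeCheck (the mechanism this CVE bypasses).
        // Corrected setting: safeMode disables AutoType entirely. This call is
        // equivalent to starting the JVM with -Dfastjson.parser.safeMode=true.
        ParserConfig.getGlobalInstance().setSafeMode(true);

        // Ordinary binding of untyped JSON to the expected class keeps working.
        UserProfile p = JSON.parseObject(plain, UserProfile.class);
        System.out.println("plain document parsed, name=" + p.getName());

        // With safeMode on, any "@type" hint is rejected with a JSONException
        // before a class is resolved, regardless of the class it names.
        try {
            JSON.parseObject(withTypeHint, UserProfile.class);
            System.out.println("UNEXPECTED: @type was honoured; safeMode is not in effect");
        } catch (JSONException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

Run this once against the deployed artifact: if the second parse does not throw, safeMode is not active in that process (for example because a different ParserConfig instance is used) and the workaround is not protecting it.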

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers

BDU:2022-03553
CVE-2022-25845
GHSA-PV7H-HX5H-MGFJ
SNYK-JAVA-COMALIBABA-2859222

Affected Products

Fastjson