What is CVE-2017-18349?

CVE-2017-18349 is a vulnerability in N/a. Published 2018-10-23.

Is CVE-2017-18349 known to be exploited?

29 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceNam…

EPSS: 0.887 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

h0cksr/Fastjson--CVE-2017-18349-
Dungsocool/CVE-2017-18349
ARPSyndicate/cvemon
CLincat/vulcat
Nickel-Angel/lingxi-server
PAGalaxyLab/VulInfo
ReAbout/audit-java
W01fh4cker/LearnFastjsonVulnFromZero-Basic
bigblackhat/oFx
g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

References

fortiguard.com/encyclopedia/ips/44059 (x_refsource_MISC)
github.com/alibaba/fastjson/wiki/security_update_20170315 (x_refsource_MISC)
github.com/pippo-java/pippo/issues/466 (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-18349?: CVE-2017-18349 is a vulnerability in N/a. Published 2018-10-23.
Is CVE-2017-18349 known to be exploited?: 29 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.