Alibaba Fastjson

3 CVEs affecting Alibaba Fastjson. Latest disclosed: 2026-01-09. Critical: 2, High: 1.

Top CVEs affecting Alibaba Fastjson
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-70974 | Critical | 10.0 | 2026-01-09 | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may b… |
| CVE-2017-18349 | Critical | 9.8 | 2018-10-23 | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a cr… |
| CVE-2022-25845 | High | 8.1 | 2022-06-10 | The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, whi… |