Alibaba Fastjson
3 CVEs affecting Alibaba Fastjson. Latest disclosed: 2026-01-09. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-70974 | Critical | 10.0 | 2026-01-09 | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may b… |
| CVE-2017-18349 | Critical | 9.8 | 2018-10-23 | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a cr… |
| CVE-2022-25845 | High | 8.1 | 2022-06-10 | The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, whi… |