CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Configurations

Configuration 1 (hide)

cpe:2.3:a:alibaba:fastjson:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*

History

23 Feb 2023, 17:51

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
First Time Oracle
Oracle communications Cloud Native Core Unified Data Repository
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory

25 Jul 2022, 18:22

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

17 Jun 2022, 17:13

Type Values Removed Values Added
References (CONFIRM) https://www.ddosi.org/fastjson-poc/ - (CONFIRM) https://www.ddosi.org/fastjson-poc/ - Exploit, Third Party Advisory
References (CONFIRM) https://github.com/alibaba/fastjson/releases/tag/1.2.83 - (CONFIRM) https://github.com/alibaba/fastjson/releases/tag/1.2.83 - Release Notes, Third Party Advisory
References (CONFIRM) https://github.com/alibaba/fastjson/wiki/security_update_20220523 - (CONFIRM) https://github.com/alibaba/fastjson/wiki/security_update_20220523 - Third Party Advisory
References (CONFIRM) https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d - (CONFIRM) https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d - Patch, Third Party Advisory
References (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222 - (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222 - Third Party Advisory
References (CONFIRM) https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15 - (CONFIRM) https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15 - Patch, Third Party Advisory
First Time Alibaba fastjson
Alibaba
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 9.8
CWE CWE-502
CPE cpe:2.3:a:alibaba:fastjson:*:*:*:*:*:*:*:*

10 Jun 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-10 20:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-25845

Mitre link : CVE-2022-25845

CVE.ORG link : CVE-2022-25845


JSON object : View

Products Affected

oracle

  • communications_cloud_native_core_unified_data_repository

alibaba

  • fastjson
CWE
CWE-502

Deserialization of Untrusted Data