ProductNews
New Features

New Plug-in for Detecting Deserialization Remote Code Execution Vulnerability in FastJSON Versions Earlier Than 1.2.61

Sep 20 2019

A new plug-in is released to detect the deserialization Remote Code Execution (RCE) vulnerability in the FastJSON component whose versions are earlier than 1.2.61. We recommend that you perform security checks.
Content

Target customers: all users who use FastJSON versions earlier than 1.2.61. Features released: The Alibaba Cloud Emergency Response Center has detected that the official GitHub repository of FastJSON disclosed a newly discovered deserialization RCE vulnerability. By exploiting this latest RCE gadget chain, attackers can execute arbitrary commands on servers remotely and subsequently gain full control over server privileges, posing a severe security risk. The FastJSON team has released version 1.2.61 to address this vulnerability. All users who use FastJSON are strongly recommended upgrading FastJSON to the latest version 1.2.61 and perform security checks at the earliest opportunity.

Previous

New Plug-in for Detecting Harbor Unauthorized Administrator Registration Vulnerability (CVE-2019-16097)

Next

Supports Fn::Calculate and the Transform Macro

7th Gen ECS Is Now Available

Increase instance computing power by up to 40% and Fully equipped with TPM chips.
Powered by Third-generation Intel® Xeon® Scalable processors (Ice Lake).

Start Now

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More