Help Center/ Web Application Firewall/ Product Bulletin/ Remote Code Execution Vulnerability of Fastjson

Remote Code Execution Vulnerability of Fastjson

Updated on 2022-10-26 GMT+08:00

On July 12, 2019, the HUAWEI CLOUD Emergency Response Center detected that the open-source component Fastjson had a remote code execution vulnerability. This vulnerability is an extension of the deserialization vulnerability of Fastjson 1.2.24 detected in 2017 and can be directly used to obtain server permissions, causing serious damage.

Affected Versions

Versions earlier than Fastjson 1.2.51

Mitigation Version

Fastjson 1.2.51 or later

Official Solution

Upgrade Fastjson to 1.2.51 or the latest 1.2.58 version.

Mitigation

The built-in protection rules of HUAWEI CLOUD WAF can defend against this vulnerability. The procedure is as follows:

  1. Buy WAF.
  2. Add the website domain name to WAF and connect it to WAF. For details, see Adding a Domain Name.
  3. In the Basic Web Protection configuration area, set Mode to Block. For details, see Configuring Basic Web Protection Rules.
Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback