Overview
Symptom
A deserialization remote code execution vulnerability has been disclosed in Fastjson 1.2.80 and earlier versions. An attacker can use it to bypass the autoType restriction and remotely execute arbitrary code.
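The first defensive step is to find out whether an affected Fastjson build is actually deployed. The following added example (not part of this advisory) scans dependency records and flags the `com.alibaba:fastjson` artifact at version 1.2.80 or earlier, the range named above. The sample input is constructed here in the shape of Maven `dependency:list` output (`groupId:artifactId:type:version:scope`), which is an assumption about the record format; adapt the regular expression if your build tool prints something else.

```python
import re
from typing import List, Tuple

# Highest affected version stated in the advisory: 1.2.80 and earlier.
MAX_AFFECTED = (1, 2, 80)

# Only the artifact the advisory names; fastjson2 is a different artifact
# and is deliberately not matched here.
AFFECTED_GROUP = "com.alibaba"
AFFECTED_ARTIFACT = "fastjson"

# Constructed sample lines (assumed `mvn dependency:list` format).
SAMPLE_DEPENDENCY_LIST = """
[INFO]    com.alibaba:fastjson:jar:1.2.80:compile
[INFO]    com.alibaba:fastjson:jar:1.2.83:compile
[INFO]    com.alibaba:fastjson:jar:1.2.47:runtime
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO]    com.alibaba.fastjson2:fastjson2:jar:2.0.7:compile
"""

# groupId:artifactId:type:version[:scope]
DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>\w+)"
    r":(?P<version>[^:\s]+)(?::(?P<scope>\w+))?"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Return the leading dotted numeric components of a version string.

    Parsing stops at the first non-numeric piece, so "1.2.80-SNAPSHOT"
    and "1.2.80.sec10" both compare as (1, 2, 80).
    """
    parts: List[int] = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):
            break  # a suffix such as "-SNAPSHOT" ends the numeric prefix
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version is 1.2.80 or earlier.

    A version with no parsable numeric prefix compares as an empty tuple,
    which is <= MAX_AFFECTED, so it is flagged for manual review rather
    than silently passed.
    """
    return parse_version(version) <= MAX_AFFECTED


def find_affected(dependency_listing: str) -> List[Tuple[str, str]]:
    """Return (groupId:artifactId, version) for every affected Fastjson record."""
    hits: List[Tuple[str, str]] = []
    for line in dependency_listing.splitlines():
        m = DEP_RE.search(line)
        if not m:
            continue
        if m.group("group") != AFFECTED_GROUP or m.group("artifact") != AFFECTED_ARTIFACT:
            continue
        version = m.group("version")
        if is_affected(version):
            hits.append((f"{m.group('group')}:{m.group('artifact')}", version))
    return hits


if __name__ == "__main__":
    for coordinate, version in find_affected(SAMPLE_DEPENDENCY_LIST):
        print(f"AFFECTED {coordinate} {version} (<= 1.2.80)")
```

Run it against the real output of your build tool instead of the constructed sample; a module that appears in the list at 1.2.80 or below needs upgrading regardless of whether the network-level measures below are in place.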
Impact and Risk
If a vulnerable service is attacked, the attacker may remotely execute arbitrary code on the service platform.
Preventive Measures and Suggestions
Until a fix is available, you are advised to take the following preventive measures:
- Harden the security boundary of physical devices to prevent direct access from external networks and attacks on the internal network management plane.
- Check whether any component node of the platform still uses the default password. If so, change it.
- Strengthen account and password management on the management plane so that credentials are not disclosed or spread.
- Some security vendors have published preventive measures for this vulnerability. Configure blocking rules on your security devices to prevent such attacks.