June 25, 2022 at 10:55PM

■■■■■ Zero-Day: Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could potentially be exploited to achieve remote code execution.

Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called “AutoType.” It was patched by the project maintainers in version 1.2.83, released on May 23, 2022.

https://github.com/alibaba/fastjson/wiki/security_update_20220523

https://amp.thehackernews.com/thn/2022/06/high-severity-rce-vulnerability.html

https://t.me/cKure/11522