■■■■■ Zero-Day: Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.
Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called “AutoType.” It was patched by the project maintainers in version 1.2.83 released on May 23, 2022.
https://github.com/alibaba/fastjson/wiki/security_update_20220523
https://amp.thehackernews.com/thn/2022/06/high-severity-rce-vulnerability.html
https://t.me/cKure/11522