Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library.

From securityaffairs.co


Cybersecurity researchers from JFrog disclosed details of a now-patched, high-severity security vulnerability in the popular Fastjson library that could potentially be exploited to achieve remote code execution.

Fastjson is a Java library that converts Java objects into their JSON representation and converts JSON strings back into equivalent Java objects. It can work with arbitrary Java objects, including pre-existing objects for which you do not have the source code.
