请升级com.alibaba:fastjson组件版本以解决6个安全漏洞 #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

lijiaqigithub wants to merge 1 commit into master from oscs_fix_cp63onnbl82nkoutr6t0

Owner

lijiaqigithub commented May 21, 2024

将 com.alibaba:fastjson 组件从1.2.9 版本升级至 2.0.18版本,
用于修复以下安全漏洞：

序号	漏洞编号	漏洞标题	漏洞级别
1	MPS-2019-28847	Fastjson <= 1.2.60 版本远程代码执行漏洞	严重
2	MPS-2019-28848	Fastjson < 1.2.60 版本拒绝服务漏洞	严重
3	MPS-2020-39708	Fastjson <=1.2.68 远程代码执行漏洞	严重
4	MPS-2018-14062	Fastjson < 1.2.25版本远程代码执行漏洞	严重
5	MPS-2022-11320	Fastjson < 1.2.83 任意代码执行漏洞	高危
6	MPS-2020-40828	Fastjson < 1.2.67远程命令执行漏洞	高危

注意：此 PR 由您（或拥有此仓库权限的其他维护者）授权墨菲安全打开

了解更多：

如何快速修复代码安全问题


          fix vuln

d6f0990

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet