Vulnerabilities > Alibaba > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2022-25845 | Deserialization of Untrusted Data vulnerability in multiple products. The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. | network; low complexity; alibaba, oracle; CWE-502; critical; 9.8 |
| 2021-04-27 | CVE-2021-29441 | Authentication Bypass by Spoofing vulnerability in Alibaba Nacos. Nacos is a platform designed for dynamic service discovery and configuration and service management. | network; low complexity; alibaba; CWE-290; critical; 9.8 |
| 2018-10-23 | CVE-2017-18349 | Improper Input Validation vulnerability in multiple products. parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | network; low complexity; pippo, alibaba; CWE-20; critical; 9.8 |