We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
检测到 Khighness/gulimall 一共引入了321个开源组件,存在100个漏洞
漏洞标题:Fastjson <=1.2.68 远程代码执行漏洞 漏洞编号: 漏洞描述:Fastjson 是Java语言实现的快速JSON解析和生成器,在<=1.2.68的版本中攻击者可通过精心构造的JSON请求,远程执行恶意代码。 漏洞原因: Fastjson采用黑白名单的方法来防御反序列化漏洞,导致当黑客不断发掘新的反序列化Gadgets类时,发现在autoType关闭的情况下仍然可能可以绕过黑白名单防御机制,造成远程命令执行漏洞。 国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2020-30827 影响范围:(∞, 1.2.69) 最小修复版本:1.2.69 缺陷组件引入路径:io.renren:[email protected]>com.alibaba:[email protected]
另外还有100个漏洞,详细报告:https://mofeisec.com/jr?p=nb9671
The text was updated successfully, but these errors were encountered:
No branches or pull requests
检测到 Khighness/gulimall 一共引入了321个开源组件,存在100个漏洞
另外还有100个漏洞,详细报告:https://mofeisec.com/jr?p=nb9671
The text was updated successfully, but these errors were encountered: