VYPR

Fastjson

by Alibaba

CVEs (1)

  • CVE-2025-70974 | Cri | Jan 9, 2026
    risk 0.65 | cvss 10.0 | epss 0.01

    Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection…