CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.908

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2017-18349

Alibaba » Fastjson » Version: N/A

cpe:2.3:a:alibaba:fastjson:-
Alibaba » Fastjson » Version: 1.1.157

cpe:2.3:a:alibaba:fastjson:1.1.157
Alibaba » Fastjson » Version: 1.1.20

cpe:2.3:a:alibaba:fastjson:1.1.20
Alibaba » Fastjson » Version: 1.1.21

cpe:2.3:a:alibaba:fastjson:1.1.21
Alibaba » Fastjson » Version: 1.1.22

cpe:2.3:a:alibaba:fastjson:1.1.22
Alibaba » Fastjson » Version: 1.1.23

cpe:2.3:a:alibaba:fastjson:1.1.23
Alibaba » Fastjson » Version: 1.1.25

cpe:2.3:a:alibaba:fastjson:1.1.25
Alibaba » Fastjson » Version: 1.1.26

cpe:2.3:a:alibaba:fastjson:1.1.26
Alibaba » Fastjson » Version: 1.1.27

cpe:2.3:a:alibaba:fastjson:1.1.27
Alibaba » Fastjson » Version: 1.1.31

cpe:2.3:a:alibaba:fastjson:1.1.31
Alibaba » Fastjson » Version: 1.1.32

cpe:2.3:a:alibaba:fastjson:1.1.32
Alibaba » Fastjson » Version: 1.1.33

cpe:2.3:a:alibaba:fastjson:1.1.33
Alibaba » Fastjson » Version: 1.1.34

cpe:2.3:a:alibaba:fastjson:1.1.34
Alibaba » Fastjson » Version: 1.1.35

cpe:2.3:a:alibaba:fastjson:1.1.35
Alibaba » Fastjson » Version: 1.1.36

cpe:2.3:a:alibaba:fastjson:1.1.36
Alibaba » Fastjson » Version: 1.1.42

cpe:2.3:a:alibaba:fastjson:1.1.42
Alibaba » Fastjson » Version: 1.1.43

cpe:2.3:a:alibaba:fastjson:1.1.43
Alibaba » Fastjson » Version: 1.1.44

cpe:2.3:a:alibaba:fastjson:1.1.44
Alibaba » Fastjson » Version: 1.1.45

cpe:2.3:a:alibaba:fastjson:1.1.45
Alibaba » Fastjson » Version: 1.1.46

cpe:2.3:a:alibaba:fastjson:1.1.46
Alibaba » Fastjson » Version: 1.2.0

cpe:2.3:a:alibaba:fastjson:1.2.0
Alibaba » Fastjson » Version: 1.2.1

cpe:2.3:a:alibaba:fastjson:1.2.1
Alibaba » Fastjson » Version: 1.2.10

cpe:2.3:a:alibaba:fastjson:1.2.10
Alibaba » Fastjson » Version: 1.2.12

cpe:2.3:a:alibaba:fastjson:1.2.12
Alibaba » Fastjson » Version: 1.2.13

cpe:2.3:a:alibaba:fastjson:1.2.13
Alibaba » Fastjson » Version: 1.2.14

cpe:2.3:a:alibaba:fastjson:1.2.14
Alibaba » Fastjson » Version: 1.2.15

cpe:2.3:a:alibaba:fastjson:1.2.15
Alibaba » Fastjson » Version: 1.2.16

cpe:2.3:a:alibaba:fastjson:1.2.16
Alibaba » Fastjson » Version: 1.2.17

cpe:2.3:a:alibaba:fastjson:1.2.17
Alibaba » Fastjson » Version: 1.2.18

cpe:2.3:a:alibaba:fastjson:1.2.18
Alibaba » Fastjson » Version: 1.2.19

cpe:2.3:a:alibaba:fastjson:1.2.19
Alibaba » Fastjson » Version: 1.2.2

cpe:2.3:a:alibaba:fastjson:1.2.2
Alibaba » Fastjson » Version: 1.2.20

cpe:2.3:a:alibaba:fastjson:1.2.20
Alibaba » Fastjson » Version: 1.2.21

cpe:2.3:a:alibaba:fastjson:1.2.21
Alibaba » Fastjson » Version: 1.2.22

cpe:2.3:a:alibaba:fastjson:1.2.22
Alibaba » Fastjson » Version: 1.2.23

cpe:2.3:a:alibaba:fastjson:1.2.23
Alibaba » Fastjson » Version: 1.2.24

cpe:2.3:a:alibaba:fastjson:1.2.24
Alibaba » Fastjson » Version: 1.2.4

cpe:2.3:a:alibaba:fastjson:1.2.4
Alibaba » Fastjson » Version: 1.2.6

cpe:2.3:a:alibaba:fastjson:1.2.6
Alibaba » Fastjson » Version: 1.2.7

cpe:2.3:a:alibaba:fastjson:1.2.7
Alibaba » Fastjson » Version: 1.2.8

cpe:2.3:a:alibaba:fastjson:1.2.8
Alibaba » Fastjson » Version: 1.2.9

cpe:2.3:a:alibaba:fastjson:1.2.9
Pippo » Pippo » Version: 1.11.0

cpe:2.3:a:pippo:pippo:1.11.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-18349

Products

Pricing

Contact Us