Serialization is the process of turning some object into a data format that can be restored later. People often serialize objects in order to save them to storage or to send as part of communications. Deserialization is the reverse of that process -- taking data structured from some format, and rebuilding it into an object.

It was determined that your web application performs JSON deserialization of user-supplied data using Fastjson library with the support of Polymorphic Type Handling. Polymorphic Type Handling could be quite unsafe, and should carefully be performed on untrusted data. Consult Web references section for more information about this issue.


Upgrage Fastjson library to the most recent version.


Related Vulnerabilities