
Fastjson 1.2.80 Vulnerability

Latest reply: Jul 5, 2022 08:31:18

Hello, everyone!

Recently, the Fastjson Development Team found that fastjson 1.2.80 and earlier versions carry a new risk. Under certain conditions, the restriction that disables autoType by default can be bypassed to attack remote servers.

Impact Scope

Affected version: Fastjson ≤ 1.2.80

Version not affected: Fastjson = 1.2.83

Upgrade plan

1. Upgrade to the latest version, 1.2.83

This version involves changes in autoType behavior. In some scenarios, there will be incompatibility. If you encounter problems, you can go to for help.

2. SafeMode Hardening

fastjson introduced safeMode in 1.2.68 and later versions. Once safeMode is configured, autoType is not supported regardless of whitelist or blacklist, which prevents attacks that use deserialization gadget variants (this turns autoType off, so pay attention to evaluating the impact on the business).

a. How to enable it

Refer to

b. Do you need to use safeMode when using versions after 1.2.83?

1.2.83 fixes the vulnerability discovered this time. Turning on safeMode completely turns off the autoType function, which keeps similar problems from happening again. This may cause compatibility problems. Please fully evaluate the impact on the business and then turn it on.

c. Do you need to upgrade if safeMode is enabled?

With safeMode turned on, you are not affected by this vulnerability, so you do not need to upgrade.

3. Upgrade to fastjson v2

fastjson v2 address

Fastjson has open-sourced version 2.0. In version 2.0, the whitelist is no longer provided for compatibility, which improves security. The fastjson v2 code has been rewritten, and the performance has been greatly improved. It is not fully compatible with 1.x, so the upgrade requires serious compatibility testing. If there is a problem with the upgrade, you can ask for help at
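
One way to turn on safeMode at startup and confirm that it took effect, as an added example that is not part of the original post or of the fastjson project. It assumes fastjson 1.x at 1.2.68 or later on the classpath; the class name `FastjsonHardening` and the probe string are constructed for illustration.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.parser.ParserConfig;

/** Startup guard (hypothetical class name): enable safeMode and report patch status. */
public class FastjsonHardening {

    /** True when version string v is at least major.minor.patch, e.g. "1.2.83". */
    static boolean atLeast(String v, int major, int minor, int patch) {
        String[] parts = v.split("[^0-9]+");   // tolerate a suffix after the numbers
        int[] want = {major, minor, patch};
        for (int i = 0; i < want.length; i++) {
            int have = (i < parts.length && !parts[i].isEmpty())
                    ? Integer.parseInt(parts[i]) : 0;
            if (have != want[i]) {
                return have > want[i];
            }
        }
        return true;
    }

    /** True when the parser refuses a document that carries an "@type" hint. */
    static boolean typeHintRejected() {
        // Constructed input: the class name does not exist, so nothing can be instantiated.
        String probe = "{\"@type\":\"example.DoesNotExist\",\"a\":1}";
        try {
            JSON.parse(probe);
            return false;
        } catch (JSONException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Switch without a code change: start the JVM with -Dfastjson.parser.safeMode=true
        ParserConfig.getGlobalInstance().setSafeMode(true);

        boolean patched = atLeast(JSON.VERSION, 1, 2, 83);   // fixed version named in the post
        boolean safeMode = ParserConfig.getGlobalInstance().isSafeMode();
        boolean rejected = typeHintRejected();
        System.out.println("fastjson " + JSON.VERSION + " patched=" + patched
                + " safeMode=" + safeMode + " typeHintRejected=" + rejected);

        // Plain JSON without "@type" must keep working after hardening.
        System.out.println("plain parse: " + JSON.parseObject("{\"a\":1}"));
        if (!safeMode || !rejected) {
            throw new IllegalStateException("fastjson safeMode is not in effect");
        }
    }
}
```

Run it once in each service that bundles fastjson 1.x; a `patched=false` line with `safeMode=true` corresponds to case c in the post, and any code path that relied on `@type` will surface as a `JSONException` during compatibility testing.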



Admin Created Jul 5, 2022 08:11:02

Thanks for your sharing!

Created Jul 5, 2022 08:31:18

Thanks for sharing

