高危！Fastjson反序列化漏洞风险通告

liang2013

又发布fastjson的高危风险了，请问升级到1.2.83版本出现的问题如何解决

1. 2022-05-26 15:31:39 编码: JUSTEP150013; 提示: 解析Action出错
   
2. com.justep.exception.BusinessException: 编码: JUSTEP150013; 提示: 解析Action出错
   
3.         at com.justep.exception.BusinessException.create(Unknown Source)
   
4.         at com.justep.business.server.BusinessServerServlet.createActionJsonObject(Unknown Source)
   
5.         at com.justep.business.server.BusinessServerServlet.execService(Unknown Source)
   
6.         at com.justep.business.server.BusinessServerServlet.service(Unknown Source)
   
7.         at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
   
8.         at com.justep.x.bs.BusinessServerServlet.service(Unknown Source)
   
9.         at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
   
10.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    
11.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    
12.         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    
13.         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    
14.         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    
15.         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    
16.         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    
17.         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    
18.         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
    
19.         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
    
20.         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    
21.         at java.lang.Thread.run(Thread.java:745)
    
22. Caused by: com.alibaba.fastjson.JSONException: autoType is not support. table
    
23.         at com.alibaba.fastjson.parser.ParserConfig.checkAutoType(ParserConfig.java:1542)
    
24.         at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:343)
    
25.         at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:581)
    
26.         at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:581)
    
27.         at com.alibaba.fastjson.parser.DefaultJSONParser.parseArray(DefaultJSONParser.java:1243)
    
28.         at com.alibaba.fastjson.parser.DefaultJSONParser.parseObject(DefaultJSONParser.java:530)
    
29.         at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1430)
    
30.         at com.alibaba.fastjson.parser.DefaultJSONParser.parse(DefaultJSONParser.java:1390)
    
31.         at com.alibaba.fastjson.JSON.parse(JSON.java:181)
    
32.         at com.alibaba.fastjson.JSON.parse(JSON.java:191)
    
33.         at com.alibaba.fastjson.JSON.parse(JSON.java:147)
    
34.         at com.alibaba.fastjson.JSON.parseObject(JSON.java:252)
    
35.         ... 18 more
    

复制代码

Mxt8106

http://bbs.wex5.com/forum.php?mo ... ;highlight=fastjson

jishuang

3.9版本平台处理过，用的是版本是比较高的，推荐升级3.9版本，这个是jar平台是修改过的