Fastjson is an open-source JSON library developed by Alibaba to parse JSON strings. It can be used to serialize a JavaBean into a JSON string and to deserialize a JSON string into a JavaBean.
Can you advise whether the Gateway uses the fastjson library?
API Gateway 9.x/10.x
Fastjson versions 1.2.68 and earlier were reported to contain a remote code execution vulnerability that bypasses the autoType switch and allows deserialization of classes that pose security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine.
API Gateway does not use the fastjson library, hence it is not affected.
The security bulletin published by the fastjson project team can be reviewed here
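One way to confirm this on an installed system, as an added example that is not part of the original article or of any vendor tooling: the script walks a directory for Java archives, looks inside them (nested archives included) for fastjson 1.x classes, and compares the Maven-recorded version with 1.2.68. The function names and status labels are assumptions of this example.

```python
import io
import re
import zipfile
from pathlib import Path

LAST_AFFECTED = (1, 2, 68)  # last release the page lists as affected
CLASS_PREFIX = "com/alibaba/fastjson/"  # fastjson 1.x package path inside a jar
POM_PROPS = "META-INF/maven/com.alibaba/fastjson/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")


def classify(version):
    """Compare the numeric part of a version string with LAST_AFFECTED."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    if not m:
        return "unknown-version"  # e.g. a repackaged copy without Maven metadata
    parts = tuple(int(p) for p in m.group().split("."))
    return "affected" if parts <= LAST_AFFECTED else "newer"


def scan_archive(data, label):
    """Yield (location, version) per fastjson copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = zf.namelist()
        if any(n.startswith(CLASS_PREFIX) and n.endswith(".class") for n in names):
            version = None
            if POM_PROPS in names:
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
            yield label, version
        for n in names:
            if n.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(n), f"{label}!{n}")


def scan_tree(root):
    """Return [(location, version, status)] for every archive under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            for loc, ver in scan_archive(path.read_bytes(), str(path)):
                findings.append((loc, ver, classify(ver)))
    return findings
```

Call `scan_tree()` with the product's installation directory; an empty list means no archive under it contains fastjson 1.x classes at their standard package path. Copies relocated to a different package by a shading tool are not detected by this check.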