Fastjson is an open-source JSON library developed by Alibaba to parse JSON strings. It can serialize a JavaBean into a JSON string and deserialize a JSON string into a JavaBean.
Can you advise whether API Portal uses the fastjson library?
API Portal 4.x/5.x
Fastjson 1.2.68 and earlier were reported to contain a remote code execution vulnerability that bypasses the autoType switch, allowing deserialization of classes that pose security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine.
API Portal does not use the fastjson library and is therefore not affected.
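One way to check an installation directory for bundled fastjson copies at or below 1.2.68, including jars nested inside WAR/EAR files, as an added example that is not part of the original article or the vendor's tooling. It assumes fastjson jars carry the standard Maven `pom.properties` metadata and the `com/alibaba/fastjson/` package path; `scan_archive` and `scan_tree` are hypothetical helper names.

```python
import io
import os
import re
import zipfile

LAST_AFFECTED = (1, 2, 68)  # highest release the article reports as affected
# Assumption: Maven metadata path and package prefix of a com.alibaba:fastjson jar.
POM_PROPS = "META-INF/maven/com.alibaba/fastjson/pom.properties"
CLASS_PREFIX = "com/alibaba/fastjson/"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(location, version, affected)] for one archive and any archives nested in it."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        version = None
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            version = m.group(1).strip() if m else None
        if version or any(n.startswith(CLASS_PREFIX) for n in names):
            vm = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
            # affected is None when no version metadata exists (e.g. a repackaged copy).
            affected = tuple(map(int, vm.groups())) <= LAST_AFFECTED if vm else None
            findings.append((label, version, affected))
        if depth < max_depth:
            for n in names:
                if n.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(n), f"{label}!/{n}", depth + 1, max_depth)
    return findings


def scan_tree(root):
    """Walk an installation directory and scan every archive found in it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    findings += scan_archive(fh.read(), path)
    return findings
```

An empty result from `scan_tree` means no fastjson classes or metadata were found; an entry with `affected` set to `None` is a copy without version metadata and needs manual review.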