| Título | WVP PRO wvp-GB28181-pro 2.7.4 Deserialization |
|---|
| Descrição | The application's Redis template configuration (`RedisTemplateConfig.java`) uses `GenericFastJsonRedisSerializer` from FastJSON 2.x as the global serializer for Redis value operations. This serializer enables `JSONReader.Feature.SupportAutoType` by default, which allows arbitrary class instantiation during deserialization based on the `@type` field in JSON data.
An attacker can exploit this by:
1. Writing malicious JSON containing a `@type` annotation to Redis (via any API endpoint that stores data in Redis)
2. Waiting for any service to read from the affected Redis key
3. Triggering automatic deserialization that instantiates the attacker-specified class
4. Achieving remote code execution through known FastJSON gadget chains
This is a critical framework-level vulnerability because the unsafe configuration is global, affecting all Redis operations throughout the application.
|
|---|
| Fonte | ⚠️ https://github.com/wing3e/public_exp/issues/1 |
|---|
| Utilizador | Winegee (UID 96308) |
|---|
| Submissão | 10/03/2026 11h32 (há 1 mês) |
|---|
| Moderação | 25/03/2026 17h28 (15 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 353191 [648540858 wvp-GB28181-pro até 2.7.4 API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|