| Title | WVP PRO wvp-GB28181-pro 2.7.4 Deserialization |
|---|---|
| Description | The application's Redis template configuration (`RedisTemplateConfig.java`) uses `GenericFastJsonRedisSerializer` from FastJSON 2.x as the global serializer for Redis value operations. This serializer enables `JSONReader.Feature.SupportAutoType` by default, which allows arbitrary class instantiation during deserialization based on the `@type` field in JSON data.<br><br>An attacker can exploit this by:<br>1. Writing malicious JSON containing a `@type` annotation to Redis (via any API endpoint that stores data in Redis)<br>2. Waiting for any service to read from the affected Redis key<br>3. Triggering automatic deserialization that instantiates the attacker-specified class<br>4. Achieving remote code execution through known FastJSON gadget chains<br><br>This is a critical framework-level vulnerability because the unsafe configuration is global, affecting all Redis operations throughout the application. |
| Source | https://github.com/wing3e/public_exp/issues/1 |
| User | Winegee (UID 96308) |
| Submitted | 10/03/2026 11:32 (1 month ago) |
| Moderated | 25/03/2026 17:28 (15 days later) |
| Status | accepted |
| VulDB entry | 353191 [648540858 wvp-GB28181-pro up to 2.7.4 API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer privilege escalation] |
| Points | 20 |
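The weak setting the description refers to, shown beside a hardened form, as an added illustration that is not the wvp-GB28181-pro project's own `RedisTemplateConfig.java`. It assumes Spring Data Redis with the fastjson2 Spring 5 extension on the classpath (for Spring 6 the serializer lives under `com.alibaba.fastjson2.support.spring6.data.redis` instead); the package `example.config` and the allowlisted DTO prefix are placeholders. The no-arg constructor of `GenericFastJsonRedisSerializer` turns on `SupportAutoType`; the constructor taking accept names installs an autotype allowlist instead, so an `@type` outside the listed prefixes is rejected on read.

```java
// Added example: weak versus hardened RedisTemplate value serializer.
// Illustrative code only, not the project's RedisTemplateConfig.java.
// Assumed: Spring Data Redis plus fastjson2's Spring 5 extension, which
// provides GenericFastJsonRedisSerializer. Package name is a placeholder.
package example.config;

import com.alibaba.fastjson2.support.spring.data.redis.GenericFastJsonRedisSerializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;

@Configuration
public class RedisTemplateHardeningExample {

    // WEAK (the pattern the report describes): the no-arg constructor enables
    // JSONReader.Feature.SupportAutoType, so the "@type" member of any stored
    // JSON value names the class that gets instantiated when the key is read.
    // Kept only so a reviewer knows what to grep for; never register this bean.
    static GenericFastJsonRedisSerializer weakSerializer() {
        return new GenericFastJsonRedisSerializer();
    }

    // HARDENED: the accept-names constructor replaces blanket autotype with an
    // allowlist of class-name prefixes. Anything else carrying "@type" fails to
    // deserialize instead of instantiating an attacker-chosen class.
    // "com.example.app.dto." is a placeholder for the application's own DTO package.
    static GenericFastJsonRedisSerializer allowlistedSerializer() {
        return new GenericFastJsonRedisSerializer(new String[] {
            "com.example.app.dto."
        });
    }

    @Bean
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
        RedisTemplate<String, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(factory);

        // Keys and hash keys stay plain strings; no deserialization happens there.
        template.setKeySerializer(new StringRedisSerializer());
        template.setHashKeySerializer(new StringRedisSerializer());

        // Values and hash values use the allowlisted serializer, never the no-arg one.
        GenericFastJsonRedisSerializer values = allowlistedSerializer();
        template.setValueSerializer(values);
        template.setHashValueSerializer(values);

        template.afterPropertiesSet();
        return template;
    }
}
```

When the cached types are known up front, a typed serializer such as Spring's `Jackson2JsonRedisSerializer<T>` for a concrete class avoids polymorphic typing altogether and is the simpler option; the allowlist form above is the minimal change when the existing code base relies on `@type` round-tripping through fastjson2.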