HXSecurity / DongTai-agent-java

DongTai Java Agent is the Java application probe of DongTai IAST; it collects method invocation data at runtime of a Java application through dynamic hooks.

Home Page: https://dongtai.io


[Bug]: fastjson is already at version 1.2.83, but DongTai reports a deserialization vulnerability in the request header

PhuketIsland opened this issue · comments

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

1.11.0

Installation Type

Official SaaS Service

Service Name

DongTai-agent-java

Describe the details of the bug and the steps to reproduce it

[image: taint flow diagram]

[image: the dangerous method shown is fastjson]

[image]

But fastjson is already at the latest version, 1.2.83. Is this a false positive? If it is not, how should it be verified?

Additional Information

No response

Logs

No response

Could you provide the pom.xml file of the project?

Additionally, could you decompile the project's jar file and check the value of the VERSION field in the com.alibaba.fastjson.JSON class?
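The check @lostsnow asks for, reading the VERSION value out of `com.alibaba.fastjson.JSON` inside the packaged jar, can be done without a decompiler. The following is an added example, not code from this thread or from the DongTai project: it parses the class file's constant pool (where javac stores the literal of a `static final String` field) and returns the version-shaped string it finds, falling back to Maven's `pom.properties` if the class is absent. The jar it runs on is constructed inline for demonstration; on a real build pass the path of the application's jar instead.

```python
import io
import re
import struct
import zipfile

# JVM class-file constant pool tags (JVMS §4.4). Utf8 carries a length prefix;
# every other tag has a fixed payload width, listed here in bytes.
CONSTANT_UTF8 = 1
FIXED_WIDTH = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")
JSON_CLASS = "com/alibaba/fastjson/JSON.class"
POM_PROPS = "META-INF/maven/com.alibaba/fastjson/pom.properties"


def utf8_constants(class_bytes):
    """Return every CONSTANT_Utf8 string in a class file's constant pool."""
    magic, = struct.unpack_from(">I", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    count, = struct.unpack_from(">H", class_bytes, 8)  # constant_pool_count
    pos, idx, out = 10, 1, []
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == CONSTANT_UTF8:
            length, = struct.unpack_from(">H", class_bytes, pos)
            pos += 2
            out.append(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in FIXED_WIDTH:
            pos += FIXED_WIDTH[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long/double take two pool slots
    return out


def fastjson_version(jar):
    """Version string of the fastjson bundled in `jar` (path or file object), or None."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if JSON_CLASS in names:
            strings = utf8_constants(zf.read(JSON_CLASS))
            # Only trust a version literal if the VERSION field name is present too.
            if "VERSION" in strings:
                for s in strings:
                    if VERSION_RE.match(s):
                        return s
        if POM_PROPS in names:  # Maven-built jars also record the version here
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    return None


def constructed_class():
    """A minimal, constructed class file whose pool holds VERSION and "1.2.83".
    It is not a real fastjson class; it only exercises the pool parser."""
    cp = bytes([1]) + struct.pack(">H", 7) + b"VERSION"
    cp += bytes([1]) + struct.pack(">H", 6) + b"1.2.83"
    cp += bytes([7]) + struct.pack(">H", 1)      # CONSTANT_Class -> fixed width
    cp += bytes([5]) + struct.pack(">Q", 0)      # CONSTANT_Long  -> two slots
    header = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 6)  # magic, minor, major, count
    return header + cp + b"\x00" * 8


def constructed_jar(with_class=True):
    """In-memory jar containing either the constructed class or only pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_class:
            zf.writestr(JSON_CLASS, constructed_class())
        else:
            zf.writestr(POM_PROPS, "groupId=com.alibaba\nartifactId=fastjson\nversion=1.2.83\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print("bundled fastjson version:", fastjson_version(constructed_jar()))
```

The constant pool route is the more reliable of the two, because `pom.properties` reflects what the build declared while the class literal reflects what was actually packaged; a shaded or relocated fastjson would show up under a different class path and needs the path adjusted.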

@lostsnow Hello, sorry, I cannot provide the pom.xml or the field value at the moment, but is there necessarily a connection between the failed verification and whether this vulnerability exists?

The verification results are irrelevant. This vulnerability is mainly related to the version number of Fastjson and whether safemode is enabled (for older versions of Fastjson).

The issue has been identified. A bug caused the fastjson class to not match, leading to false positives. This bug will be rectified in v1.12.0.

@lostsnow Got it, thanks.