fastjson icon indicating copy to clipboard operation
fastjson copied to clipboard

Published 20 hours ago verified publisher icon alibaba

FastJsonHttpMessageConverter有bug,非法json格式字符串仍可反序列化为Java对象

Open mgyboom opened this issue 6 months ago • 1 comments

fastjson版本 1.2.83 和 2.0.52 springboot版本 2.0.0.RELEASE 请求示例如下:

curl --location --request POST 'http://localhost:8089/test' \
--header 'Content-Type: application/json' \
--data '{
    "name": "jackson",
    "cards": [
        {
            "cardNumber": "123456",
            "bankName": "ICBC"
        }}
    ]
}'

注意cards数组的第一个元素对象后多了个} 预期springmvc会报HttpMessageNotReadableException,实际竟然解析通过了,但是cards中第二个元素为空对象。 1721988073556_4F934D7E-EDC2-4f3b-AEE0-2DCC658D9915

mgyboom avatar Jul 26 '24 10:07 mgyboom