CVE-2022-25647

Опубликовано: 01 мая 2022

Источник: debian

EPSS Низкий

Описание

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libgoogle-gson-java	fixed	2.9.0-1		package

Примечания

https://github.com/google/gson/pull/1991
https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327

EPSS

Процентиль: 83%

0.02149

Низкий

Связанные уязвимости

CVE-2022-25647

CVSS3: 7.7

ubuntu

около 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.5

redhat

около 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.7

nvd

около 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

SUSE-SU-2022:2044-1

suse-cvrf

около 3 лет назад

Security update for google-gson

GHSA-4jrv-ppp4-jm57

CVSS3: 7.7

github

около 3 лет назад

Deserialization of Untrusted Data in Gson

EPSS

Процентиль: 83%

0.02149

Низкий