Description
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | com.google.code.gson-gson | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Will not fix | ||
| Red Hat AMQ Broker 7 | com.google.code.gson-gson | Not affected | ||
| Red Hat A-MQ Online | com.google.code.gson-gson | Not affected | ||
| Red Hat build of Debezium 1 | com.google.code.gson-gson | Not affected | ||
| Red Hat build of Quarkus | com.google.code.gson-gson | Affected | ||
| Red Hat Data Grid 8 | com.google.code.gson-gson | Not affected | ||
| Red Hat Fuse 7 | com.google.code.gson-gson | Will not fix | ||
| Red Hat Integration Camel K 1 | com.google.code.gson-gson | Will not fix | ||
| Red Hat Integration Camel Quarkus 1 | com.google.code.gson-gson | Will not fix | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.