CVE-2022-25647

Опубликовано: 01 мая 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.7

Описание

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	2.10.1-1
esm-apps/bionic	released	2.8.5-3~18.04.1~esm1
esm-apps/focal	released	2.8.5-3+deb10u1build0.20.04.1
esm-apps/jammy	released	2.8.8-1ubuntu0.1
esm-apps/noble	not-affected	2.10.1-1
esm-apps/xenial	released	2.4-1ubuntu0.1~esm1
focal	released	2.8.5-3+deb10u1build0.20.04.1
impish	ignored	end of life
jammy	released	2.8.8-1ubuntu0.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%

0.01687

Низкий

5 Medium

CVSS2

7.7 High

CVSS3

Связанные уязвимости

CVE-2022-25647

CVSS3: 7.5

redhat

больше 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.7

nvd

больше 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.7

debian

больше 3 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...

SUSE-SU-2022:2044-1

suse-cvrf

около 3 лет назад

Security update for google-gson

GHSA-4jrv-ppp4-jm57

CVSS3: 7.7

github

больше 3 лет назад

Deserialization of Untrusted Data in Gson

EPSS

Процентиль: 82%

0.01687

Низкий

5 Medium

CVSS2

7.7 High

CVSS3

CVE-2022-25647

Описание

Пакет libgoogle-gson-java

Ссылки на источники

Связанные уязвимости