CVE-2022-25647

Опубликовано: 01 мая 2022

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 5

CVSS3: 7.7

Описание

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	2.10.1-1
esm-apps-legacy/xenial	released	2.4-1ubuntu0.1~esm1
esm-apps/bionic	released	2.8.5-3~18.04.1~esm1
esm-apps/focal	released	2.8.5-3+deb10u1build0.20.04.1
esm-apps/jammy	released	2.8.8-1ubuntu0.1
esm-apps/noble	not-affected	2.10.1-1
esm-apps/xenial	released	2.4-1ubuntu0.1~esm1
focal	released	2.8.5-3+deb10u1build0.20.04.1
impish	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 95%

0.1158

Средний

5 Medium

CVSS2

7.7 High

CVSS3

Связанные уязвимости

CVE-2022-25647

CVSS3: 7.5

redhat

около 4 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.7

nvd

около 4 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

CVE-2022-25647

CVSS3: 7.7

debian

около 4 лет назад

The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...

SUSE-SU-2022:2044-1

suse-cvrf

около 4 лет назад

Security update for google-gson

GHSA-4jrv-ppp4-jm57

CVSS3: 7.7

github

около 4 лет назад

Deserialization of Untrusted Data in Gson

EPSS

Процентиль: 95%

0.1158

Средний

5 Medium

CVSS2

7.7 High

CVSS3

CVE-2022-25647

Описание

Пакет libgoogle-gson-java

Ссылки на источники

Связанные уязвимости