The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T15:30:29.223346Z

Updated: 2024-09-17T03:32:46.390Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25647

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-01T16:15:08.603

Modified: 2024-11-21T06:52:30.240

Link: CVE-2022-25647

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-05-01T00:00:00Z

Links: CVE-2022-25647 - Bugzilla