Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
| Software | From | Fixed in |
|---|---|---|
| google / gson | 2.2.3 | 2.8.9 |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| oracle / retail_order_broker | 18.0 | 18.0.x |
| oracle / retail_order_broker | 19.1 | 19.1.x |
| oracle / graalvm | 20.3.6 | 20.3.6.x |
| oracle / graalvm | 21.3.2 | 21.3.2.x |
| oracle / graalvm | 22.1.0 | 22.1.0.x |
| oracle / financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 | 8.0.8.2.0.x |
| oracle / financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 | 8.0.8.3.0.x |
com.google.code.gson / gson
|
- | 2.8.9 |
- https://github.com/google/gson/pull/1991
- https://github.com/google/gson/pull/1991/commits
- https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html
- https://security.netapp.com/advisory/ntap-20220901-0009/
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://www.debian.org/security/2022/dsa-5227
- https://www.oracle.com/security-alerts/cpujul2022.html