CVE-2022-25647

Published: 1 May 2022

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: libgoogle-gson-java (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Needs triage
focal     Needs triage
impish    Ignored (reached end-of-life)
jammy     Needs triage
upstream  Needs triage