The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 06:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.7 |
References | () https://github.com/google/gson/pull/1991 - Patch, Third Party Advisory | |
References | () https://github.com/google/gson/pull/1991/commits - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20220901-0009/ - Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327 - Third Party Advisory | |
References | () https://www.debian.org/security/2022/dsa-5227 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
09 Sep 2022, 20:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* |
|
References |
|
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0009/ - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html - Third Party Advisory |
07 Sep 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jul 2022, 13:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html - Mailing List, Third Party Advisory |
14 May 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 May 2022, 16:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:google:gson:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-502 | |
References | (MISC) https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327 - Third Party Advisory | |
References | (MISC) https://github.com/google/gson/pull/1991/commits - Patch, Third Party Advisory | |
References | (MISC) https://github.com/google/gson/pull/1991 - Patch, Third Party Advisory |
01 May 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-01 16:15
Updated : 2024-11-21 06:52
NVD link : CVE-2022-25647
Mitre link : CVE-2022-25647
CVE.ORG link : CVE-2022-25647
JSON object : View
Products Affected
oracle
- graalvm
- financial_services_crime_and_compliance_management_studio
- retail_order_broker
debian
- debian_linux
netapp
- active_iq_unified_manager
- gson
CWE
CWE-502
Deserialization of Untrusted Data