ALT-PU-2022-2164-1
Package google-gson updated to version 2.9.0-alt1_1jpp11 for branch sisyphus in task 303046.
Closed vulnerabilities
Published: 2022-05-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/google/gson/pull/1991
- https://github.com/google/gson/pull/1991
- https://github.com/google/gson/pull/1991/commits
- https://github.com/google/gson/pull/1991/commits
- [debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update
- [debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update
- [debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update
- [debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update
- https://security.netapp.com/advisory/ntap-20220901-0009/
- https://security.netapp.com/advisory/ntap-20220901-0009/
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- DSA-5227
- DSA-5227
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html