The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

References

github.com/google/gson/pull/1991

github.com/google/gson/pull/1991/commits

lists.debian.org/debian-lts-announce/2022/05/msg00015.html

lists.debian.org/debian-lts-announce/2022/09/msg00009.html

security.netapp.com/advisory/ntap-20220901-0009/

snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327

www.debian.org/security/2022/dsa-5227

www.oracle.com/security-alerts/cpujul2022.html

ubuntucve 1

alpinelinux 1

openvas 7

nessus 22

redhatcve 1

atlassian 4

ibm 32

debiancve 1

cvelist 1

osv 5

suse 1

mageia 1

f5 1

nvd 1

cve 1

cgr 1

debian 3

ubuntu 1

broadcom 2

wolfi 1

veracode 1

prion 1

github 1

redhat 10

hivepro 1

thn 1

oracle 7

ubuntucve

CVE-2022-25647

2022-05-01 00:00:00

alpinelinux

CVE-2022-25647

2022-05-01 16:15:08

openvas

Ubuntu: Security Advisory (USN-6692-1)

2024-03-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2044-1)

2022-06-13 00:00:00

openSUSE: Security Advisory for google-gson (SUSE-SU-2022:2044-1)

2022-06-11 00:00:00

nessus

Oracle Enterprise Manager Cloud Control (Jan 2023 CPU)

2023-01-18 00:00:00

F5 Networks BIG-IP : GSON vulnerability (K00994461)

2022-08-29 00:00:00

Debian DSA-5227-1 : libgoogle-gson-java - security update

2022-09-07 00:00:00

redhatcve

CVE-2022-25647

2022-05-02 07:38:06

atlassian

DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server

2023-11-12 13:45:35

com.google.code.gson Vulnerability in Bitbucket Data Center and Server

2023-10-04 19:45:55

DoS (Denial of Service) com.google.code.gson:gson Dependency in Crucible Data Center and Server

2024-05-21 10:14:25

ibm

Security Bulletin: Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent

2023-07-14 13:38:34

Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights

2023-07-21 15:38:42

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to Google Gson (CVE-2022-25647)

2022-08-22 23:27:06

debiancve

CVE-2022-25647

2022-05-01 16:15:08

cvelist

CVE-2022-25647 Deserialization of Untrusted Data

2022-05-01 00:00:00

osv

libgoogle-gson-java - security update

2022-05-13 00:00:00

libgoogle-gson-java vulnerability

2024-03-12 15:54:06

Deserialization of Untrusted Data in Gson

2022-05-03 00:00:44

suse

Security update for google-gson (important)

2022-06-10 00:00:00

mageia

Updated google-gson packages fix security vulnerability

2022-09-21 21:15:27

K00994461: GSON vulnerability CVE-2022-25647

2022-08-29 00:00:00

nvd

CVE-2022-25647

2022-05-01 16:15:08

cve

CVE-2022-25647

2022-05-01 16:15:08

cgr

CVE-2022-25647 vulnerabilities

2024-05-19 03:07:16

debian

[SECURITY] [DSA 5227-1] libgoogle-gson-java security update

2022-09-07 10:22:18

[SECURITY] [DLA 3001-1] libgoogle-gson-java security update

2022-05-13 21:45:43

[SECURITY] [DLA 3100-1] libgoogle-gson-java security update

2022-09-07 09:14:24

ubuntu

Gson vulnerability

2024-03-12 00:00:00

broadcom

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization

2023-08-29 00:00:00

Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169

2023-08-29 00:00:00

wolfi

CVE-2022-25647 vulnerabilities

2024-07-01 09:08:36

veracode

Denial Of Service (DoS)

2022-05-04 14:43:44

prion

Deserialization of untrusted data

2022-05-01 16:15:00

github

Deserialization of Untrusted Data in Gson

2022-05-03 00:00:44

redhat

(RHSA-2022:5029) Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update

2022-06-23 10:38:34

(RHSA-2022:5928) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update

2022-08-08 19:39:55

(RHSA-2022:5894) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.

2022-08-03 15:37:48

hivepro

Critical Security Vulnerabilities Discovered in Atlassian Products

2023-09-27 10:22:43

thn

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

2023-09-22 08:00:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for OSV:CVE-2022-25647