Lucene search
GoogleOSV:GHSA-4JRV-PPP4-JM57HistoryMay 03, 2022 - 12:00 a.m.
Deserialization of Untrusted Data in Gson
2022-05-0300:00:44
Google
osv.dev
469
0.002 Low
EPSS
Percentile
65.0%
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.
References
github.com/google/gson
github.com/google/gson/pull/1991
github.com/google/gson/pull/1991/commits
lists.debian.org/debian-lts-announce/2022/05/msg00015.html
lists.debian.org/debian-lts-announce/2022/09/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2022-25647
security.netapp.com/advisory/ntap-20220901-0009
snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
www.debian.org/security/2022/dsa-5227
www.oracle.com/security-alerts/cpujul2022.html
Related
ubuntucve
ubuntucve
CVE-2022-25647
2022-05-01 00:00:00
alpinelinux
alpinelinux
CVE-2022-25647
2022-05-01 16:15:08
openvas
openvas
Ubuntu: Security Advisory (USN-6692-1)
2024-03-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2044-1)
2022-06-13 00:00:00
Debian: Security Advisory (DLA-3001-1)
2022-05-14 00:00:00
nessus
nessus
Oracle Enterprise Manager Cloud Control (Jan 2023 CPU)
2023-01-18 00:00:00
Oracle Application Testing Suite DoS (October 2023 CPU)
2023-10-26 00:00:00
Debian DLA-3100-1 : libgoogle-gson-java - LTS security update
2022-09-07 00:00:00
redhatcve
redhatcve
CVE-2022-25647
2022-05-02 07:38:06
atlassian
atlassian
ibm
ibm
Security Bulletin: Vulnerability of Google Gson (gson-2.8.2.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent
2023-07-14 13:38:34
osv
osv
CVE-2022-25647
2022-05-01 16:15:08
libgoogle-gson-java vulnerability
2024-03-12 15:54:06
libgoogle-gson-java - security update
2022-05-13 00:00:00
debiancve
debiancve
CVE-2022-25647
2022-05-01 16:15:08
cvelist
cvelist
CVE-2022-25647 Deserialization of Untrusted Data
2022-05-01 00:00:00
f5
f5
K00994461: GSON vulnerability CVE-2022-25647
2022-08-29 00:00:00
nvd
nvd
CVE-2022-25647
2022-05-01 16:15:08
cve
cve
CVE-2022-25647
2022-05-01 16:15:08
debian
debian
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
2022-09-07 10:22:18
[SECURITY] [DLA 3001-1] libgoogle-gson-java security update
2022-05-13 21:45:43
[SECURITY] [DLA 3100-1] libgoogle-gson-java security update
2022-09-07 09:14:24
cgr
cgr
CVE-2022-25647 vulnerabilities
2024-05-19 03:07:16
suse
suse
Security update for google-gson (important)
2022-06-10 00:00:00
mageia
mageia
Updated google-gson packages fix security vulnerability
2022-09-21 21:15:27
ubuntu
ubuntu
Gson vulnerability
2024-03-12 00:00:00
broadcom
broadcom
wolfi
wolfi
CVE-2022-25647 vulnerabilities
2024-07-01 09:08:36
veracode
veracode
Denial Of Service (DoS)
2022-05-04 14:43:44
prion
prion
Deserialization of untrusted data
2022-05-01 16:15:00
github
github
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
redhat
redhat
hivepro
hivepro
Critical Security Vulnerabilities Discovered in Atlassian Products
2023-09-27 10:22:43
thn
thn
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 08:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00