CVE-2022-25647

Summary

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Affected Software

VendorProductVersion RangeStatus
n/acom.google.code.gson:gsonunspecified < 2.8.9affected

Weaknesses

  • Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References