Deserialization of Untrusted Data Vulnerability in com.google.code.gson:gson

CVE-2022-25647 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Versions of the package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.