Deserialization of Untrusted Data Vulnerability in com.google.code.gson:gson
CVE-2022-25647 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Learn more about our Internal Network Penetration Testing.