Deserialization of Untrusted Data in Gson

Description

The package `com.google.code.gson:gson` before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the `writeReplace()` method in internal classes, which may lead to denial of service attacks.

Repository: OpenNMS/alec (https://github.com/OpenNMS/alec)
Dependabot: https://github.com/OpenNMS/alec/security/dependabot/12
CVE: CVE-2022-25647
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
GHSA: GHSA-4jrv-ppp4-jm57
Severity: high
Ecosystem: maven
Package Name: com.google.code.gson:gson
Vulnerable Version Range: < 2.8.9
First Patched Version: 2.8.9

Created July 19, 2023 at 12:43 PM
Updated July 19, 2023 at 12:43 PM