CVE-2022-25647

Published: 01/05/2022 Updated: 28/11/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The package com.google.code.gson:gson prior to 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Vulnerable Product

google gson

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

netapp active iq unified manager -

oracle retail order broker 18.0

oracle retail order broker 19.1

oracle graalvm 20.3.6

oracle graalvm 21.3.2

oracle graalvm 22.1.0

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

Vendor Advisories

Debian Bug report logs - #1010670 libgoogle-gson-java: CVE-2022-25647 Deserialization of Untrusted Data via the writeReplace method. Package: src:libgoogle-gson-java; Maintainer for src:libgoogle-gson-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Neil Williams <codehelp@debian ...
It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a deserialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of ...
Synopsis: Moderate: Red Hat build of Eclipse Vertx 427 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat build of Eclipse Vertx. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a d ...
Synopsis: Moderate: Red Hat Process Automation Manager 7130 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: Service Registry (container images) release and security update [230GA]. Type/Severity: Security Advisory: Important. Topic: An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fi ...
Synopsis: Important: Red Hat AMQ Streams 220 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Streams 220 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 746 Security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 746 Security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 74. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 746 Security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7 ...
Synopsis: Moderate: Cryostat 211: new Cryostat on RHEL 8 container images. Type/Severity: Security Advisory: Moderate. Topic: New Cryostat 211 on RHEL 8 container images are now available. Description: New Cryostat 211 on RHEL 8 container images have been released, containing bug fixes and addressing the following security vulnerabilities: C ...
Synopsis: Important: jenkins and jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks ...
Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2021-28168, CVE-2022-25647. Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2022-0778, CVE-2022-1552, CVE-2022-25647. Affected products and versions are listed below. Please upgrade your version to the app ...