CVE-2022-25647
Published
CVSS v3
7.7
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
A Java serialization/deserialization library to convert Java Objects into JSON and back
GitHub