CVE
CVE-2022-25647
Deserialization of Untrusted Data in Gson
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed