{"schema_version":"1.7.2","id":"OESA-2022-1663","modified":"2022-05-20T11:03:47Z","published":"2022-05-20T11:03:47Z","upstream":["CVE-2022-25647"],"summary":"google-gson security update","details":"Gson is a Java library that can be used to convert a Java object into its JSON representation. It can also be used to convert a JSON string into an equivalent Java object. Gson can work with arbitrary Java objects including pre-existing objects that you do not have source-code of. There are a few open-source projects that can convert Java objects to JSON. However, most of them require that you place Java annotations in your classes; something that you can not do if you do not have access to the source-code. Most also do not fully support the use of Java Generics. Gson considers both of these as very important design goals.\n\nSecurity Fix(es):\n\nThe package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.(CVE-2022-25647)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"google-gson","purl":"pkg:rpm/openEuler/google-gson\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.2-4.oe1"}]}],"ecosystem_specific":{"noarch":["google-gson-2.8.2-4.oe1.noarch.rpm"],"src":["google-gson-2.8.2-4.oe1.src.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"google-gson","purl":"pkg:rpm/openEuler/google-gson\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.2-4.oe1"}]}],"ecosystem_specific":{"noarch":["google-gson-2.8.2-4.oe1.noarch.rpm "],"src":["google-gson-2.8.2-4.oe1.src.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"google-gson","purl":"pkg:rpm/openEuler/google-gson\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.2-4.oe2203"}]}],"ecosystem_specific":{"noarch":["google-gson-2.8.2-4.oe2203.noarch.rpm "],"src":["google-gson-2.8.2-4.oe2203.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1663"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25647"}],"database_specific":{"severity":"High"}}