Published 1 year ago
Last updated 11 months ago
7.7
CVSS V3
Deserialization of Untrusted Data in Gson
The package com.google.code.gson:gson
before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace()
method in internal classes, which may lead to denial of service attacks.
3 updates