facebook-android-sdk
facebook-android-sdk copied to clipboard
Published
20 hours ago •
facebook
facebook
SDK impacted by CVE-2022-25647
Checklist before submitting a bug report
- [X] I've updated to the latest released version of the SDK
- [X] I've searched for existing Github issues
- [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
- [X] I've read the Code of Conduct
- [X] This issue is not security related and can safely be disclosed publicly on GitHub
Java version
17
Android version
API 34
Android SDK version
16.0.0
Installation platform & version
AGP 8.3.0
Package
Gaming Services
Goals
The supplied version of gson in the FB SDK has a security issue (CVE-2022-25647).
Expected results
A newer version of gson without CVE-2022-25647 should be used
Actual results
....com.facebook.android:[email protected] ›
com.facebook.android:[email protected] ›
com.google.code.gson:[email protected]
Gson 2.8.8 is added via the gamingservices SDK, which has a security vulnerability, see https://www.cve.org/CVERecord?id=CVE-2022-25647
