JsonSurfer

Gson versions before 2.8.9 are vulnerable

Open: dohongdayi opened this issue 2 years ago • 1 comment

Gson versions before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks, according to https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327

dohongdayi, Aug 15 '22 02:08

Thanks for the info. Will try to upgrade it soon.

wanglingsong, Aug 15 '22 05:08