High severity7.7NVD Advisory· Published May 1, 2022· Updated May 22, 2026
CVE-2022-25647
CVE-2022-25647
Description
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.google.code.gson:gsonMaven | < 2.8.9 | 2.8.9 |
Affected products
130cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*+ 2 more
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*+ 2 more
- cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
- google.code.gson/gsondescription
- osv-coords115 versionspkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:maven/com.google.code.gson/gsonpkg:rpm/opensuse/google-gson&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/google-gson&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/google-gson&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/google-gson&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Server%20Module%204.3
< 439-r0+ 114 more
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 439-r0
- (no CPE)range: < 2.8.9
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.7.1
- (no CPE)range: < 2.8.9-150200.3.6.3
- (no CPE)range: < 2.8.9-150200.3.6.3
Patches
Vulnerability mechanics
References
11- github.com/google/gson/pull/1991nvdPatchThird Party AdvisoryWEB
- github.com/google/gson/pull/1991/commitsnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2022.htmlnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-4jrv-ppp4-jm57ghsaADVISORY
- lists.debian.org/debian-lts-announce/2022/05/msg00015.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2022/09/msg00009.htmlnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-25647ghsaADVISORY
- security.netapp.com/advisory/ntap-20220901-0009/nvdThird Party Advisory
- snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327nvdThird Party AdvisoryWEB
- www.debian.org/security/2022/dsa-5227nvdThird Party AdvisoryWEB
- security.netapp.com/advisory/ntap-20220901-0009ghsaWEB
News mentions
0No linked articles in our index yet.