rpm package
suse/google-gson&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/google-gson&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25647 | — | < 2.8.9-150200.3.7.1 | 2.8.9-150200.3.7.1 | May 1, 2022 | The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | ||
| CVE-2020-8028 | — | < 2.8.5-3.4.3 | 2.8.5-3.4.3 | Sep 17, 2020 | A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root | ||
| CVE-2020-11022 | Med | 6.9 | < 2.8.5-3.2.6 | 2.8.5-3.2.6 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
- CVE-2022-25647May 1, 2022affected < 2.8.9-150200.3.7.1fixed 2.8.9-150200.3.7.1
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
- CVE-2020-8028Sep 17, 2020affected < 2.8.5-3.4.3fixed 2.8.5-3.4.3
A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root
- affected < 2.8.5-3.2.6fixed 2.8.5-3.2.6
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.