WS-2021-0419

Good to know:

Date: October 11, 2021

A Denial of Service vulnerability was discovered in gson before 2.8.9 via the writeReplace() method.

Language: Java

Severity Score

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version com.google.code.gson:gson:2.8.9

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): HIGH
