Search CVE reports
1 – 2 of 2 results
Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson...
1 affected package
libgoogle-gson-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgoogle-gson-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 7
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
1 affected package
libgoogle-gson-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgoogle-gson-java | Not affected | Fixed | Fixed | Fixed |