Closed: hatched-MaciejPrzybylski closed this 3 years ago
pickup module contains dependency which has security issue
Introduced through: com.radiusnetworks.flybuy:pickup@2.2.0
Fixed in: com.google.code.gson:gson@2.8.9
Exploit maturity: NO KNOWN EXPLOIT
Detailed paths:
Introduced through: unknown:unknown@0.0.0 › com.radiusnetworks.flybuy:pickup@2.2.0 › com.radiusnetworks.flybuy:core@2.2.0 › com.google.code.gson:gson@2.8.6
Introduced through: unknown:unknown@0.0.0 › com.radiusnetworks.flybuy:pickup@2.2.0 › com.radiusnetworks.flybuy:core@2.2.0 › com.radiusnetworks.flybuy:api@2.2.0 › com.squareup.retrofit2:converter-gson@2.9.0 › com.google.code.gson:gson@2.8.6
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Thank you for reporting this. We will update the gson library in the next release.
This has been resolved in v2.2.1
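The report shows gson 2.8.6 arriving only transitively (through flybuy core and through retrofit2's converter-gson), so an app consuming the SDK cannot fix it by editing a direct dependency. The proper fix is the SDK release mentioned above; for a consumer that cannot move to it yet, a Gradle dependency constraint raises the transitive gson to the version the advisory names as fixed. The following Kotlin DSL snippet is an added example, not code from the Flybuy project or from this issue; the pickup coordinate and the 2.8.9 floor are taken from the report, and the configuration name in the usage note assumes a standard Android application module:

```kotlin
// build.gradle.kts of the consuming Android app (added example, not project code).
dependencies {
    // The SDK version named in the report; it pulls gson 2.8.6 transitively.
    implementation("com.radiusnetworks.flybuy:pickup:2.2.0")

    constraints {
        // A constraint applies to the dependency wherever it appears in the graph,
        // so both transitive paths (core -> gson and api -> converter-gson -> gson)
        // resolve to at least 2.8.9 without declaring gson as a direct dependency.
        implementation("com.google.code.gson:gson") {
            version { require("2.8.9") }
            because("gson < 2.8.9: Deserialization of Untrusted Data via writeReplace() (DoS)")
        }
    }
}
```

After syncing, confirm the resolved version and the paths that led to it with `./gradlew dependencyInsight --configuration releaseRuntimeClasspath --dependency gson`; the output should show gson 2.8.9 selected "by constraint" for every path, and the rescan that produced this report should no longer list the two paths above. Remove the constraint once the SDK upgrade ships the fixed gson itself, so the pin does not silently hold back future gson versions.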