SDK impacted by CVE-2022-25647

[ZOlbrys]

Checklist before submitting a bug report

• [X] I've updated to the latest released version of the SDK
• [X] I've searched for existing Github issues
• [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
• [X] I've read the Code of Conduct
• [X] This issue is not security related and can safely be disclosed publicly on GitHub

Java version

17

Android version

API 34

Android SDK version

16.0.0

Installation platform & version

AGP 8.3.0

Package

Gaming Services

Goals

The supplied version of gson in the FB SDK has a security issue (CVE-2022-25647).

Expected results

A newer version of gson without CVE-2022-25647 should be used

Actual results

....com.facebook.android:facebook-android-sdk@16.0.0 › 
com.facebook.android:facebook-gamingservices@16.0.0 › 
com.google.code.gson:gson@2.8.8

Gson 2.8.8 is added via the gamingservices SDK, which has a security vulnerability, see https://www.cve.org/CVERecord?id=CVE-2022-25647