wanglingsong / JsonSurfer

A streaming JsonPath processor in Java
MIT License

Gson before 2.8.9 is vulnerable #77

Closed dohongdayi closed 11 months ago

dohongdayi commented 2 years ago

Gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks, according to https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
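The practical follow-up to a report like this is checking which Gson version a build actually resolves, since a transitive dependency can pull in an old Gson even when the direct one is current. The following is an added example, not code from the JsonSurfer project or from either commenter: it parses the `group:artifact:type:version:scope` lines that `mvn dependency:list` prints and flags any resolved Gson below the 2.8.9 fix version named in the issue. The sample Maven output embedded below is constructed for illustration. Versions are compared numerically per component, so `2.8.10` is correctly treated as newer than `2.8.9` (a plain string comparison would get that wrong).

```python
import re
from typing import List, Optional, Tuple

# Fix version named in this issue (SNYK-JAVA-COMGOOGLECODEGSON-1730327).
GSON_FIXED = "2.8.9"
GSON_COORD = "com.google.code.gson:gson"

# Constructed sample of `mvn dependency:list` output; not real JsonSurfer output.
SAMPLE_MVN_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    com.google.code.gson:gson:jar:2.8.6:compile
[INFO]    com.fasterxml.jackson.core:jackson-core:jar:2.13.0:compile
[INFO]    org.json:json:jar:20210307:compile
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.8.10' into (2, 8, 10); a non-numeric tail such as '-SNAPSHOT' is dropped.

    Tuple comparison then orders versions numerically per component.
    """
    parts = []
    for piece in re.split(r"[.\-]", v):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def parse_dependency_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Extract (group, artifact, version) from an '[INFO]    g:a:type[:classifier]:version:scope' line.

    Returns None for lines that are not dependency coordinates. The version is the
    field just before the scope, so an optional classifier field does not break parsing.
    """
    if not line.startswith("[INFO]"):
        return None
    tokens = line[len("[INFO]"):].split()
    if not tokens:
        return None
    fields = tokens[0].split(":")
    if len(fields) < 5:
        return None
    return fields[0], fields[1], fields[-2]


def is_vulnerable_gson(version: str) -> bool:
    """True when the given Gson version is older than the 2.8.9 fix."""
    return parse_version(version) < parse_version(GSON_FIXED)


def find_vulnerable_gson(mvn_output: str) -> List[str]:
    """Return every resolved Gson version below 2.8.9 found in dependency:list output."""
    hits = []
    for line in mvn_output.splitlines():
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        group, artifact, version = parsed
        if f"{group}:{artifact}" == GSON_COORD and is_vulnerable_gson(version):
            hits.append(version)
    return hits


if __name__ == "__main__":
    for v in find_vulnerable_gson(SAMPLE_MVN_OUTPUT):
        print(f"vulnerable gson resolved: {v} (fix: {GSON_FIXED})")
```

In a real build you would pipe `mvn dependency:list` into `find_vulnerable_gson` and fail the CI step when it returns anything; the same check applies to Gradle output with a different line parser.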

wanglingsong commented 2 years ago

Thanks for the info. Will try to upgrade it soon.