WS-2021-0419 (High) detected in gson-2.8.0.jar
Opened this issue · 0 comments
mend-bolt-for-github commented
WS-2021-0419 - High Severity Vulnerability
Vulnerable Library - gson-2.8.0.jar
Gson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar
Dependency Hierarchy:
- ❌ gson-2.8.0.jar (Vulnerable Library)
Found in HEAD commit: 7baeabef941f276d373d889506fe0a0cf89f4ee6
Found in base branch: master
Vulnerability Details
Denial of Service vulnerability was discovered in gson before 2.8.9 via the writeReplace() method.
Publish Date: 2021-10-11
URL: WS-2021-0419
CVSS 3 Score Details (7.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with Mend here