The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
https://github.com/google/gson/pull/1991
https://github.com/google/gson/pull/1991/commits
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
This issue has been addressed in the following products: Cryostat 2 on RHEL 8. Via RHSA-2022:4985 https://access.redhat.com/errata/RHSA-2022:4985
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25647
This issue has been addressed in the following products: Red Hat build of Eclipse Vert.x 4.2.7. Via RHSA-2022:5029 https://access.redhat.com/errata/RHSA-2022:5029
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Via RHSA-2022:5893 https://access.redhat.com/errata/RHSA-2022:5893
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Via RHSA-2022:5892 https://access.redhat.com/errata/RHSA-2022:5892
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Via RHSA-2022:5894 https://access.redhat.com/errata/RHSA-2022:5894
This issue has been addressed in the following products: RHPAM 7.13.0 async. Via RHSA-2022:5903 https://access.redhat.com/errata/RHSA-2022:5903
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform. Via RHSA-2022:5928 https://access.redhat.com/errata/RHSA-2022:5928
This issue has been addressed in the following products: Red Hat AMQ Streams 2.2.0. Via RHSA-2022:6819 https://access.redhat.com/errata/RHSA-2022:6819
This issue has been addressed in the following products: RHINT Service Registry 2.3.0 GA. Via RHSA-2022:6835 https://access.redhat.com/errata/RHSA-2022:6835