The active attack scenario is remote code execution: a user downloads a malicious code package, and that package has access to GSON internal classes. An attacker may use those internal classes to cause DoS attacks. In short, if you are using GSON, make sure that you are not using untrusted data, and update to the latest version as soon as possible.

GSON is one of the most popular data serialization libraries used in Android. Many Android applications use it to convert data from one format to another. It is a highly configurable data transfer mechanism that supports a wide variety of data types, including primitive types, strings, and complex types. The latest version of GSON, 2.8.9, has a security patch.

Google Streea – GSON Security Vulnerability

The most recent version of the library is 2.8.9, which was released on July 17th, 2018.

How to Install GSON 3.2 in Ubuntu

The first step is to download the latest version of GSON. The latest version is 3.2.
You can find more details in the following instructions: download and installation instructions for the latest GSON release

Attack Scenario

If you are using GSON, make sure that you are not using untrusted data. The active attack scenario is remote code execution: a user downloads a malicious code package, and that package has access to GSON internal classes. An attacker may use those internal classes to cause DoS attacks. In short, if you are using GSON, update to the latest version as soon as possible.

How to upgrade GSON?

Step 1: Update to the latest version of GSON.
Step 2: In Eclipse, go to Window -> Preferences -> Android -> Data Binding -> Add Data Type.
Step 3: Click on Browse... to select your data type.
Step 4: Click on OK and finish creating the new data type.
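
To confirm Step 1 took effect, the following added example (not from the original page or the GSON project) scans build-file text for `com.google.code.gson:gson` declarations older than 2.8.9, the patched version this page names. The function names and the sample build lines are constructed for illustration.

```python
import re

PATCHED = (2, 8, 9)  # version this page names as carrying the security patch
# Gradle coordinate, e.g. 'com.google.code.gson:gson:2.8.5'
GRADLE_RE = re.compile(r"com\.google\.code\.gson:gson:([^'\"\s)]+)")
# Maven: <artifactId>gson</artifactId> directly followed by <version>
MAVEN_RE = re.compile(
    r"<artifactId>\s*gson\s*</artifactId>\s*<version>\s*([^<\s]+)", re.S)

def parse_version(text):
    """Return (major, minor, patch), or None when the version is not numeric."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None  # property reference or dynamic version such as '2.+'
    return tuple(int(g or 0) for g in m.groups())

def audit(build_text):
    """Map each declared GSON version to 'ok', 'outdated' or 'unresolved'."""
    report = {}
    for rx in (GRADLE_RE, MAVEN_RE):
        for m in rx.finditer(build_text):
            declared = m.group(1)
            parsed = parse_version(declared)
            if parsed is None:
                report[declared] = "unresolved"  # needs manual review
            elif parsed < PATCHED:
                report[declared] = "outdated"
            else:
                report[declared] = "ok"
    return report

# Constructed sample input: Gradle and Maven fragments in one string.
SAMPLE = '''
dependencies {
    implementation 'com.google.code.gson:gson:2.8.5'
    testImplementation "com.google.code.gson:gson:2.8.9"
    implementation "com.google.code.gson:gson:$gsonVersion"
}
<dependency>
  <groupId>com.google.code.gson</groupId>
  <artifactId>gson</artifactId>
  <version>2.8.6</version>
</dependency>
'''

if __name__ == "__main__":
    for version, status in audit(SAMPLE).items():
        print(f"{version}: {status}")
```

Versions reported as `unresolved` are set through a variable or a dynamic range, so the effective version has to be read from the resolved dependency tree instead.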

Timeline

Published on: 05/01/2022 16:15:00 UTC
Last modified on: 07/25/2022 18:22:00 UTC
