Deserialization of Untrusted Data
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Advisories for Maven/Com.google.code.gson/Gson package
2022