- changed status to wontfix
Remove json-smart dependency that has reported severe CVE-2021-27568
Issue #413
wontfix
Hi,
Is it planned to remove the json-smart dependency, which seems not to be maintained anymore?
Regards
Comments (1)
The lib got some attention recently and outstanding bugs have been resolved (https://github.com/netplex/json-smart-v2/issues). The mentioned CVE has been handled in the code since 2019 with this simple measure:
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/c35e0e037390f8916f0d4be33b466a7795e96e5a