connect2id / Nimbus-JOSE-JWT / issues / #413 - Remove json-smart dependency that have reported severe CVE-2021-27568 — Bitbucket

Issue #413 wontfix

Former user created an issue 2021-03-25

Hi,

Is it plan to remove json-smart dependency that seems not maintened anymore.

Regards

Comments (1)

Vladimir Dzhuvinov
- changed status to wontfix
The lib got some attention recently and outstanding bugs had been resolved. https://github.com/netplex/json-smart-v2/issues The mentioned CVE had been handled in the code since 2019 with this simple measure:

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/c35e0e037390f8916f0d4be33b466a7795e96e5a
- 2021-05-04T18:10:09+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: critical

Status: wontfix

Component: –

Milestone: –

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!