connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #353 - Remove json-smart dependency that has reported severe CVE-2021-27568 — Bitbucket

Issue #353 duplicate

Former user created an issue 2021-03-25

Remove json-smart that is not maintened anymore

Comments (2)

Roman Loyko
Looks like this vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-27568 had been fixed by json-smart: https://github.com/netplex/json-smart-v2/issues/60

Please, create a PR for the fix: https://bitbucket.org/rloyko/oauth-2.0-sdk-with-openid-connect-extensions/src/4d79e73ccfd9aac1b364151a94c80a1bb18d7c8a/pom.xml#lines-73

‌

‌
- 2021-04-05T12:15:31+00:00
Vladimir Dzhuvinov
- changed status to duplicate
Duplicate of ~~#347~~.
- 2021-04-05T16:00:15+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: critical

Status: duplicate

Milestone: –

Votes: 3

Watchers: 3

Jira: the preferred issue tracker for Bitbucket. Join the team!