Upgrade json-smart dependency to fix security vulnerability CVE-2021-27568
Issue #355
resolved
The vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-27568 has been fixed by json-smart: https://github.com/netplex/json-smart-v2/issues/60
Please create a PR for the fix: https://bitbucket.org/rloyko/oauth-2.0-sdk-with-openid-connect-extensions/src/4d79e73ccfd9aac1b364151a94c80a1bb18d7c8a/pom.xml#lines-73
Related to: https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/353/remove-json-smart-dependency-that-has
Comments (5)
-
There has been a fix for the CVE for some time now.
version 9.2.1 (2021-02-25)
* Catches unexpected exceptions in JSONUtils.parseJSON(String) into ParseException, see https://github.com/netplex/json-smart-v1/issues/7 (iss #347).
Will bump JSON Smart in the next release.
-
- changed status to resolved
Commit 0393113f bumps JSON Smart to [1.3.2,2.4.2]