connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #381 - Update json-smart for version 8.x — Bitbucket

Issue #381 resolved

Former user created an issue 2022-01-12

A vulnerability has been discovered in version 2.4.2 CVE-2021-31684, could you please upgrade the version of the library in the branch 8.x?

Thanks a lot for your attention.

Comments (2)

Yavor Vasilev
- changed status to open
You are safe, the parser wrapper catches all unchecked exceptions:

https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/f16f075ad5f994dd087a7a5ea4fe126ea8f61556/src/main/java/com/nimbusds/oauth2/sdk/util/JSONUtils.java#lines-55

(there have been other unchecked exceptions in the JSON Smart parse method in the past)
- 2022-01-21T12:17:04+00:00
Yavor Vasilev
- changed status to resolved
Update not necessary
- 2022-07-06T08:14:52+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Milestone: –

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!