- changed status to open
Update json-smart for version 8.x
Issue #381
resolved
A vulnerability has been discovered in version 2.4.2 (CVE-2021-31684). Could you please upgrade the version of the library in the 8.x branch?
Thanks a lot for your attention.
Comments (2)
- changed status to resolved
Update not necessary
You are safe; the parser wrapper catches all unchecked exceptions:
https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/f16f075ad5f994dd087a7a5ea4fe126ea8f61556/src/main/java/com/nimbusds/oauth2/sdk/util/JSONUtils.java#lines-55
(there have been other unchecked exceptions in the JSON Smart parse method in the past)
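
The wrapper pattern described in the comment above, as an added example that is not the SDK's own `JSONUtils` code: a single parse boundary that turns every failure of the JSON Smart parser, including unchecked ones, into one checked exception the caller must handle. The class name `SafeJsonParse`, the use of `java.text.ParseException`, the parser mode and the sample inputs are assumptions made for illustration; it needs json-smart on the classpath.

```java
import java.text.ParseException;
import net.minidev.json.parser.JSONParser;

// Hypothetical class name; illustrates the wrapper idea, not the SDK's implementation.
public final class SafeJsonParse {

    /** Parses untrusted JSON; every parser failure surfaces as a checked ParseException. */
    public static Object parseJSON(final String s) throws ParseException {
        try {
            return new JSONParser(JSONParser.MODE_PERMISSIVE).parse(s);
        } catch (net.minidev.json.parser.ParseException e) {
            // The parser's own, documented failure mode.
            throw wrap("Invalid JSON", e);
        } catch (RuntimeException e) {
            // Unchecked exceptions escaping the parser (index, null, cast bugs).
            throw wrap("Unexpected parser failure", e);
        } catch (StackOverflowError e) {
            // Also unchecked, but an Error: catch (Exception) alone would miss it.
            throw wrap("Excessive JSON nesting", e);
        }
    }

    private static ParseException wrap(final String msg, final Throwable cause) {
        // java.text.ParseException has no cause constructor, so attach it explicitly.
        ParseException pe = new ParseException(msg + ": " + cause.getMessage(), 0);
        pe.initCause(cause);
        return pe;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid, one truncated, one null.
        String[] inputs = { "{\"scope\":\"openid\"}", "{\"scope\":", null };
        for (String in : inputs) {
            try {
                System.out.println("parsed:   " + parseJSON(in));
            } catch (ParseException e) {
                // Request handling continues; only this input is rejected.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A wrapper like this contains exceptions only; it does not bound the time or memory the parser spends on an input before it fails.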