Mitigate dependency vulnerability in a2d2: json-20230227.jar #390

Merged 1 commit on Oct 24, 2023

@ddjain (Contributor) commented Oct 24, 2023

Suppressed the vulnerability for json-20230227.jar.
This vulnerability is due to JSONTokener.next(), which leads to: "Parsing untrusted input could then potentially lead to OutOfMemoryError even for quite small input strings."
We have not used JSONTokener.next() in the code, so we are not directly vulnerable to this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2023-5072

stleary/JSON-java#758

@ddjain ddjain merged commit e97d9c9 into main Oct 24, 2023