Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

org.json.json version 20231013.jar is identified as vulnerable by OWASP Dependency checker 8.3.1 #6188

Closed
bhaskar-s-019 opened this issue Dec 1, 2023 · 2 comments
Closed

org.json.json version 20231013.jar is identified as vulnerable by OWASP Dependency checker 8.3.1 #6188

bhaskar-s-019 opened this issue Dec 1, 2023 · 2 comments
Labels
duplicate question

Comments

@bhaskar-s-019
Copy link

org.json.json.20231013.jar is shown as not vulnerable in MVN repo

D1

However OWASP dependency checker points it as vulnerable, any suggestions/help is much appreciated.

D2

CVE-2022-45688 and CVE-2023-5072
@chadlwilson
Copy link
Contributor

In future you are better to report which plugin you are using etc (CLI, gradle plugin, maven plugin etc). Suggest trying to search for other issues before asking a question as well.

This is likely a duplicate of #5545 and/or #5991 - suggest you upgrade to at least the latest 8.x version (8.4.1 may fix one or both of these). If not, close this and subscribe to those existing issues.

@bhaskar-s-019
Copy link
Author

Thank you. Yes, I will be more specific in the details.
Using version 8.4.1 it gets resolved

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 15, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
duplicate question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeremylong @bhaskar-s-019 @chadlwilson