[
https://issues.apache.org/jira/browse/KNOX-3168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-3168:
--------------------------------
Description:
A newer and stable version of json-smart is there; updating the pom.xml for the
same.
The previous version (2.4.9) was affected by *CVE-2024-57699:*
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When
loading a specially crafted JSON input, containing a large number of ’{’, a
stack exhaustion can be triggered, which could allow an attacker to cause a
Denial of Service (DoS). This issue exists because of an incomplete fix for
CVE-2023-1370.
Severity: 7.5 (high)
[NVD - CVE-2024-57699|https://nvd.nist.gov/vuln/detail/CVE-2024-57699]
[CVE-2024-57699 - GitHub Advisory
Database|https://github.com/advisories/GHSA-pq2g-wx69-c263]
was: A newer and stable version of json-smart is there; updating the pom.xml
for the same
> Update to json-smart-2.5.2
> --------------------------
>
> Key: KNOX-3168
> URL: https://issues.apache.org/jira/browse/KNOX-3168
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Raghav Maheshwari
> Priority: Trivial
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A newer and stable version of json-smart is there; updating the pom.xml for
> the same.
> The previous version (2.4.9) was affected by *CVE-2024-57699:*
> A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When
> loading a specially crafted JSON input, containing a large number of ’{’, a
> stack exhaustion can be triggered, which could allow an attacker to cause a
> Denial of Service (DoS). This issue exists because of an incomplete fix for
> CVE-2023-1370.
> Severity: 7.5 (high)
> [NVD - CVE-2024-57699|https://nvd.nist.gov/vuln/detail/CVE-2024-57699]
> [CVE-2024-57699 - GitHub Advisory
> Database|https://github.com/advisories/GHSA-pq2g-wx69-c263]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
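
Added example, not part of the Jira message and not code from Knox or json-smart: an iterative nesting-depth check that can run on untrusted JSON before it reaches a recursive parser, as defense in depth alongside the upgrade. The class name, method name and `MAX_DEPTH` value are hypothetical, and the check assumes strict JSON with double-quoted strings only.

```java
// Added example: bound JSON nesting depth before handing input to a recursive parser.
// JsonDepthGuard, maxDepth and MAX_DEPTH are hypothetical names, not json-smart or Knox APIs.
public final class JsonDepthGuard {

    /** Assumed limit for this example; set it to the deepest document you legitimately accept. */
    static final int MAX_DEPTH = 64;

    /**
     * Returns the maximum nesting depth of '{' and '[' outside string literals,
     * or -1 as soon as the depth exceeds the limit. The scan is a loop, not
     * recursion, so the check itself cannot exhaust the stack.
     * Assumption: strings are double-quoted (strict JSON); a parser running in a
     * permissive mode that also accepts other quoting needs a matching guard.
     */
    static int maxDepth(CharSequence json, int limit) {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                // Braces inside a string literal do not nest; track escapes so \" does not end it.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '{': case '[':
                    if (++depth > limit) return -1;   // stop early, do not scan the rest
                    if (depth > max) max = depth;
                    break;
                case '}': case ']':
                    if (depth > 0) depth--;           // malformed closers are left to the parser
                    break;
                default: break;
            }
        }
        return max;
    }

    public static void main(String[] args) {
        // Constructed sample inputs (String.repeat requires Java 11+).
        String normal = "{\"a\":{\"b\":[1,2,{\"c\":\"braces in a string: {{{{\"}]}}";
        String nested = "{".repeat(100_000);
        System.out.println("normal -> " + maxDepth(normal, MAX_DEPTH));
        System.out.println("nested -> " + maxDepth(nested, MAX_DEPTH));
    }
}
```

A return value of -1 means the input should be rejected before parsing; any other value is the depth the parser will have to handle.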