[MODAUD-135] json-path 2.7.0 fixing json-smart DoS CVE-2021-27568 - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels:
- security

Template:

Standard Bug Write-Up Format
Development Team:
Firebird
RCA Group:
Related dependency upgrade

Description

Upgrade com.jayway.jsonpath:json-path from 2.5.0 to 2.7.0. This indirectly upgrades net.minidev:json-smart from 2.3 to 2.4.7 fixing Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/cve-2021-27568

Adding <scope>test</scope> as json-path/json-smart is used in tests only.

TestRail: Results

Attachments

Activity

People

Assignee:: Viachaslau Khandramai

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Oct/22 7:52 PM

Updated:: 12/Oct/22 6:33 PM

Resolved:: 12/Oct/22 6:33 PM

json-path 2.7.0 fixing json-smart DoS CVE-2021-27568