-
Notifications
You must be signed in to change notification settings - Fork 40.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to JsonPath 2.9.0 #39328
Comments
spring-projects-issues
added
the
status: waiting-for-triage
An issue we've not yet triaged
label
Jan 29, 2024
Thanks. We're aware of the CVE and considering what to do here. In the meantime, please be aware that:
|
Thank you @wilkinsona |
philwebb
added
for: external-project
For an external project and not something we can fix
and removed
status: waiting-for-triage
An issue we've not yet triaged
labels
Jan 29, 2024
bclozel
changed the title
com.jayway.jsonpath:json-path is vulnerable to Buffer Overflow: CVE-2023-51074
json-path is vulnerable to CVE-2023-51074
Jan 30, 2024
bclozel
added
type: dependency-upgrade
A dependency upgrade
and removed
for: external-project
For an external project and not something we can fix
labels
Feb 4, 2024
bclozel
changed the title
json-path is vulnerable to CVE-2023-51074
Upgrade to JsonPath 2.9.0
Feb 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
com.jayway.jsonpath:json-path
is vulnerable to a buffer overflow per (CVE-2023-51074](https://www.cve.org/CVERecord?id=CVE-2023-51074).We are using 2.7.18 and this is being flagged by our SCA tool.
Please upgrade json-path to 2.9.0.
json-path/JsonPath#973
Thank you.
The text was updated successfully, but these errors were encountered: