Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerabilities in the latest 20240303 version #906

Open
abanias opened this issue Oct 3, 2024 · 1 comment
Open

Vulnerabilities in the latest 20240303 version #906

abanias opened this issue Oct 3, 2024 · 1 comment

Comments

@abanias
Copy link

abanias commented Oct 3, 2024

Our OWASP scan detects two high vulnerabilities for the org.json:json:20240303 version:

https://nvd.nist.gov/vuln/detail/CVE-2022-45688
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072

At the same time https://security.snyk.io/package/maven/org.json:json doesn't show any vulnerabilities for the last version.

Could you please confirm or decline that mentioned vulnerabilities are false positive?

@stleary
Copy link
Owner

stleary commented Oct 5, 2024

@abanias Sorry for not replying sooner.

https://nvd.nist.gov/vuln/detail/CVE-2022-45688
Feel free to propose a fix for this.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072
I believe this was fixed in the 20231013 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants