Open teodorakostova opened 1 year ago
There is a CVE against org.json now: https://nvd.nist.gov/vuln/detail/CVE-2022-45688 and the fix is in recent release: https://github.com/stleary/JSON-java/releases/tag/20230227
This issue still exists in this project because com.unboundid.components uses an old version of org.json library - org.json:json:20140107. The root cause is https://github.com/pingidentity/scim/blob/d007f3f614bef6316e613c5bf8985b886f0ef748/scim-sdk/src/main/java/com/unboundid/scim/marshal/json/JsonStreamMarshaller.java#L86 JSONWriter has been updated to use Appender instead of Writter class in the newer json library.
com.unboundid.components uses an old version of org.json library - org.json:json:20140107
Latest version of org.json:
After update of org.json library in my project I get the following exception: