stleary / JSON-java

A reference implementation of a JSON package in Java.
http://stleary.github.io/JSON-java/index.html

Vulnerabilities in the latest 20240303 version #906

Open abanias opened 1 month ago

abanias commented 1 month ago

Our OWASP scan detects two high vulnerabilities for the org.json:json:20240303 version:

https://nvd.nist.gov/vuln/detail/CVE-2022-45688
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072

At the same time https://security.snyk.io/package/maven/org.json:json doesn't show any vulnerabilities for the last version.

Could you please confirm or deny that the mentioned vulnerabilities are false positives?

stleary commented 1 month ago

@abanias Sorry for not replying sooner.

https://nvd.nist.gov/vuln/detail/CVE-2022-45688 Feel free to propose a fix for this.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072 I believe this was fixed in the 20231013 release.