veracode-repository-ruleset / verademo-java-maven


CVE: 2022-47937 found in Apache Sling JSON Library - Version: 2.0.4-incubator [JAVA] #20

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Sling JSON Library |
| Description | Apache Sling JSON Library |
| Language | JAVA |
| Vulnerability | Improper Input Validation |
| Vulnerability description | org.apache.sling.commons.json is vulnerable to Improper Input Validation. The vulnerability exists because the library does not properly validate user inputs, which allows an attacker to trigger unexpected errors by supplying maliciously crafted input. |
| CVE | 2022-47937 |
| CVSS score | 9.3 |
| Vulnerability present in version/s | 2.0.2-incubator-2.0.20 |
| Found library version/s | 2.0.4-incubator |
| Vulnerability fixed in version | |
| Library latest version | 2.0.20 |
| Fix | The maintainer no longer supports this package. It is recommended to use alternative packages. |

Links:

github-actions[bot] commented 4 months ago

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54