
Vulnerabilities in the latest 20240303 version

Open abanias opened this issue 1 year ago • 1 comments

Our OWASP scan detects two high vulnerabilities for the org.json:json:20240303 version:

https://nvd.nist.gov/vuln/detail/CVE-2022-45688
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072

At the same time, https://security.snyk.io/package/maven/org.json:json doesn't show any vulnerabilities for the last version.

Could you please confirm or deny that the mentioned vulnerabilities are false positives?

abanias, Oct 03 '24 08:10

@abanias Sorry for not replying sooner.

https://nvd.nist.gov/vuln/detail/CVE-2022-45688 Feel free to propose a fix for this.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5072 I believe this was fixed in the 20231013 release.

stleary, Oct 05 '24 15:10

Closed due to all known vulnerabilities addressed in v20241224.

stleary, Jan 05 '25 16:01