-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
-
Yes
magnolia-empty-webapp-6.2-SNAPSHOT.war: accessors-smart-2.4.9.jar (pkg:maven/net.minidev/accessors-smart@2.4.9, cpe:2.3:a:json-smart_project:json-smart:2.4.9:{*}:{*}:{*}:{*}:{*}:{*}:{*}, cpe:2.3:a:json-smart_project:json-smart-v2:2.4.9:{*}:{*}:{*}:{*}:{*}:{*}:{*}) : CVE-2023-1370
https://nvd.nist.gov/vuln/detail/CVE-2023-1370
https://github.com/netplex/json-smart-v2#v-2410-2023-03-17
The CVE check erroneously matches accessors-smart version 2.4.9 but the artifact affected is json-smart prior to version 2.4.10. Magnolia uses the latest json-smart 2.4.10.
Acceptance criteria