[BUILD-1040] Dismiss CVE mismatch about json-smart-v2
Created: 03/Apr/23  Updated: 14/Apr/23  Resolved: 03/Apr/23

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Neutral
Reporter: Federico Grilli
Assignee: Federico Grilli
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria: Empty
Task DoR: Empty
Team: Foundation
Work Started:
Approved: Yes

 Description   
magnolia-empty-webapp-6.2-SNAPSHOT.war: accessors-smart-2.4.9.jar (pkg:maven/net.minidev/accessors-smart@2.4.9, cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:*, cpe:2.3:a:json-smart_project:json-smart-v2:2.4.9:*:*:*:*:*:*:*) : CVE-2023-1370

https://nvd.nist.gov/vuln/detail/CVE-2023-1370
https://github.com/netplex/json-smart-v2#v-2410-2023-03-17

The CVE check erroneously matches accessors-smart version 2.4.9 but the artifact affected is json-smart prior to version 2.4.10. Magnolia uses the latest json-smart 2.4.10.
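
The mismatch described above can be checked mechanically when triaging scanner findings. The following is an added example, not part of the original ticket or of Magnolia's build: it parses a finding line in the shape quoted above and flags findings where none of the matched CPE products names the Maven artifact actually found. The function names, the exact-name comparison heuristic and the second sample line are assumptions made for illustration.

```python
import re

# Finding line in the shape quoted in the ticket (CPE wildcards written as plain "*").
FINDING = ("magnolia-empty-webapp-6.2-SNAPSHOT.war: accessors-smart-2.4.9.jar "
           "(pkg:maven/net.minidev/accessors-smart@2.4.9, "
           "cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:*, "
           "cpe:2.3:a:json-smart_project:json-smart-v2:2.4.9:*:*:*:*:*:*:*) : CVE-2023-1370")

# Constructed counter-example: json-smart itself, at a version prior to 2.4.10.
CONSTRUCTED_TRUE_POSITIVE = (
    "example.war: json-smart-2.4.9.jar "
    "(pkg:maven/net.minidev/json-smart@2.4.9, "
    "cpe:2.3:a:json-smart_project:json-smart:2.4.9:*:*:*:*:*:*:*) : CVE-2023-1370")

# <container>: <file> (<identifiers>) : <CVE list>
LINE_RE = re.compile(r"^(?P<container>[^:]+): (?P<file>\S+) \((?P<ids>.*)\) : (?P<cves>.+)$")


def parse_finding(line):
    """Split a finding line into Maven coordinates, CPE products and CVE ids."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised finding line")
    ids = [i.strip() for i in m["ids"].split(",")]
    purl = next(i for i in ids if i.startswith("pkg:"))
    # Package URL layout: pkg:maven/<group>/<artifact>@<version>
    coords, _, version = purl.partition("@")
    group, artifact = coords.split("/")[1:3]
    # CPE 2.3 layout: cpe:2.3:<part>:<vendor>:<product>:<version>:...
    products = [c.split(":")[4] for c in ids if c.startswith("cpe:2.3:")]
    return {"file": m["file"], "group": group, "artifact": artifact,
            "version": version, "cpe_products": products,
            "cves": [c.strip() for c in m["cves"].split(",")]}


def cpe_mismatch(finding):
    """True when no matched CPE product names the artifact found in the archive.

    Exact-name comparison is a triage heuristic (assumption): a hit means the
    finding needs a manual look at which artifact the advisory really covers.
    """
    return finding["artifact"] not in finding["cpe_products"]


if __name__ == "__main__":
    for line in (FINDING, CONSTRUCTED_TRUE_POSITIVE):
        f = parse_finding(line)
        verdict = "review: CPE names a different artifact" if cpe_mismatch(f) else "CPE matches artifact"
        print(f"{f['artifact']}@{f['version']} {f['cves']}: {verdict}")
```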

