Apache NiFi / NIFI-11340

Update net.minidev_json-smart from 2.4.8 to 2.4.9


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.20.0
    • Fix Version/s: 2.0.0-M1, 1.21.0
    • Component/s: None
    • Labels: None

    Description

      Update net.minidev_json-smart from 2.4.8 to 2.4.9.  This will remediate 6.0.0.  This will remediate https://nvd.nist.gov/vuln/detail/CVE-2023-1370

      Twistlock scan reported this as high severity vulnerability in NiFi Registry 1.20.0.
      Impacted versions: <2.4.9
      Discovered: less than an hour ago
      Published: 8 hours ago
      [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
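
As an added example (not code from NiFi, json-smart, or the reporter), the sketch below shows a pre-parse guard that bounds nesting depth with a loop instead of recursion, so untrusted JSON can be rejected before it reaches a recursive parser that has not yet been upgraded. The class name `JsonDepthGuard` and the limit of 400 are assumptions chosen for illustration.

```java
// Added example: iterative nesting-depth guard for untrusted JSON text.
// Assumption: brackets inside quoted strings ('...' or "...") must not count.
public final class JsonDepthGuard {
    // Assumed limit for illustration; size it to the deepest legitimate payload.
    static final int MAX_DEPTH = 400;

    /** Returns the deepest nesting level seen; throws once maxDepth is exceeded. */
    static int checkDepth(CharSequence json, int maxDepth) {
        int depth = 0;
        int deepest = 0;
        char quote = 0;                       // 0 means "not inside a string"
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (quote != 0) {
                if (c == '\\') {
                    i++;                      // skip the escaped character
                } else if (c == quote) {
                    quote = 0;                // string closed
                }
                continue;
            }
            if (c == '"' || c == '\'') {
                quote = c;
            } else if (c == '[' || c == '{') {
                if (++depth > maxDepth) {
                    throw new IllegalArgumentException(
                        "JSON nesting exceeds " + maxDepth + " at offset " + i);
                }
                deepest = Math.max(deepest, depth);
            } else if ((c == ']' || c == '}') && depth > 0) {
                depth--;
            }
        }
        return deepest;
    }

    public static void main(String[] args) {
        // Constructed sample inputs (requires Java 11+ for String.repeat).
        String ok = "{\"a\":[1,{\"b\":\"text with [[[{{{ inside a string\"}]}";
        String deep = "[".repeat(100_000);    // deeply nested, never closed
        System.out.println("ok depth = " + checkDepth(ok, MAX_DEPTH));
        try {
            checkDepth(deep, MAX_DEPTH);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard is a stopgap for inputs that cross a trust boundary; it does not replace the dependency upgrade the ticket requests.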

            People

              Assignee: Unassigned
              Reporter: Phil Lee (philiplee)