vulnerable version of org.json:json #2128
Comments
sdelamo
added a commit
to micronaut-projects/micronaut-views
that referenced
this issue
Aug 8, 2024
Soy brings `org.json:json` as a transtivite dependency. Unfortunately, it brings https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20230618 which is affected by a HIGH CVE. There is no version of soy patched. I reported an issue: google/closure-templates#2128 This PR forces `org.json:json` to first patched version. I have verified with the sonatype scan gradle plugin this PR fixes the issue: http://localhost/sergiodelamo.com/blog/2024-08-08-sonatype-scan-gradle-plugin.html
sdelamo
added a commit
to micronaut-projects/micronaut-views
that referenced
this issue
Aug 8, 2024
Soy brings `org.json:json` as a transtivite dependency. Unfortunately, it brings https://ossindex.sonatype.org/component/pkg:maven/org.json/json@20230618 which is affected by a HIGH CVE. There is no version of soy patched. I reported an issue: google/closure-templates#2128 This PR forces `org.json:json` to first patched version. I have verified with the sonatype scan gradle plugin this PR fixes the issue: http://localhost/sergiodelamo.com/blog/2024-08-08-sonatype-scan-gradle-plugin.html
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The project depends on
org.json:json:20230618. That version has a high scored vulnerability.The text was updated successfully, but these errors were encountered: