  1. Apache NiFi
  2. NIFI-11340

Update net.minidev_json-smart from 2.4.8 to 2.4.9


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.20.0
    • 2.0.0-M1, 1.21.0
    • None
    • None

    Description

      Update net.minidev_json-smart from 2.4.8 to 2.4.9.  This will remediate 6.0.0.  This will remediate https://nvd.nist.gov/vuln/detail/CVE-2023-1370

      Twistlock scan reported this as a high-severity vulnerability in NiFi Registry 1.20.0.
      Impacted versions: <2.4.9
      Discovered: less than an hour ago
      Published: 8 hours ago
      [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
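
The failure mode quoted above comes from recursing once per `[` or `{`. As an added illustration (not NiFi or json-smart code), the following non-recursive check bounds nesting depth on untrusted input before a recursive parser sees it. The class name, method names and the limit of 64 are assumptions, the inputs are constructed samples, and the scanner assumes strict JSON with double-quoted strings (Java 11+ for `String.repeat`).

```java
public class JsonDepthGuard {

    /** Returns the deepest array/object nesting in the text, without recursion. */
    static int maxDepth(String json) {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                // Brackets inside string literals are data, not structure.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;
            } else if (c == '[' || c == '{') {
                max = Math.max(max, ++depth);
            } else if ((c == ']' || c == '}') && depth > 0) {
                depth--;
            }
        }
        return max;
    }

    /** Rejects input nested deeper than limit; call this before parsing. */
    static void requireDepthAtMost(String json, int limit) {
        int d = maxDepth(json);
        if (d > limit) {
            throw new IllegalArgumentException(
                "JSON nesting depth " + d + " exceeds limit " + limit);
        }
    }

    public static void main(String[] args) {
        int limit = 64; // assumed policy value, not taken from json-smart
        // Constructed samples: brackets inside the "name" string must not count.
        String ok = "{\"name\":\"a[b{c\",\"tags\":[[1,2],{\"k\":[]}]}";
        String deep = "[".repeat(10_000) + "]".repeat(10_000);
        System.out.println("ok depth = " + maxDepth(ok));
        requireDepthAtMost(ok, limit);
        try {
            requireDepthAtMost(deep, limit);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the scan is a single loop with a counter, its own stack use stays constant regardless of how deeply the input is nested.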


          People

            Unassigned Unassigned
            philiplee Phil Lee