Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-57699 on Json-Path:2.9.0 #1031

Open
ukumar009 opened this issue Feb 10, 2025 · 4 comments
Open

CVE-2024-57699 on Json-Path:2.9.0 #1031

ukumar009 opened this issue Feb 10, 2025 · 4 comments

Comments

@ukumar009
Copy link

CVE details can be seen here: https://nvd.nist.gov/vuln/detail/CVE-2024-57699
Fix is available in json-smart-v2: https://github.com/netplex/json-smart-v2?tab=readme-ov-file#v-252-2025-02-07
@ukumar009 ukumar009 mentioned this issue Feb 10, 2025
Open
@ukumar009
Copy link
Author

Created a PR for the fix: #1030

@heemin32 heemin32 mentioned this issue Feb 14, 2025
Closed
@jkoch70
Copy link

jkoch70 commented Feb 17, 2025

Can you tell us by when we can expect a new release containing the vulnerability fix available on Maven Central?
https://mvnrepository.com/artifact/com.jayway.jsonpath/json-path

@edwinlinson
Copy link

Hi @ukumar009 , following up on @jkoch70 's question—
Could you provide an ETA for the next release containing the vulnerability fix on Maven Central?
https://mvnrepository.com/artifact/com.jayway.jsonpath/json-path

@ukumar009
Copy link
Author

Hi @edwinlinson, to be honest. I can't merge the PR. I see there is one more waiting approval. I don't know who can help me with it. I don't know anything about release cycles of this jar. Sorry : (

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkoch70 @ukumar009 @edwinlinson