[ 
https://issues.apache.org/jira/browse/FLINK-33571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892173#comment-17892173
 ] 

Thomas Cooper edited comment on FLINK-33571 at 10/24/24 2:46 PM:
-----------------------------------------------------------------

json-path is handled differently on the Flink 1.20 branch, so I put up a 
[PR|https://github.com/apache/flink/pull/25573] there to bump it for a future 
1.20.1 release.


was (Author: tomncooper):
json-path is handled differently on the Flink 1.20 branch, so I could post a PR 
there to bump it for a future 1.20.1 release.

> Bump json-path from 2.7.0 to 2.8.0
> ----------------------------------
>
>                 Key: FLINK-33571
>                 URL: https://issues.apache.org/jira/browse/FLINK-33571
>             Project: Flink
>          Issue Type: Bug
>    Affects Versions: 1.19.0
>            Reporter: Yubin Li
>            Priority: Major
>              Labels: pull-request-available
>
> json-path has critical bugs in 2.7.0, used in the Flink project; see 
> [https://github.com/json-path/JsonPath/issues/906]
> CVE: [https://www.cve.org/CVERecord?id=CVE-2023-1370]
> The current version is vulnerable to Denial of Service (DoS) due to a 
> StackOverflowError when parsing a deeply nested JSON array or object, and the 
> issue has been fixed in 2.8.0.
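
An added example, not part of the original message and not Flink or json-path code: until the bump to 2.8.0 is deployed, untrusted JSON can be checked for nesting depth with an iterative scan (no recursion, so no stack growth) before it reaches the parser. The class name JsonDepthGuard, its method names and the limit of 64 are assumptions made for this sketch.

```java
// Added example (hypothetical helper): bound JSON nesting depth before parsing.
public final class JsonDepthGuard {
    // Assumed limit; pick one that fits the documents you actually expect.
    static final int MAX_DEPTH = 64;

    /** Deepest array/object nesting in the text; brackets inside string literals are ignored. */
    static int maxDepth(CharSequence json) {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (escaped) escaped = false;          // character after a backslash is literal
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;   // unescaped quote closes the string
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '[': case '{':
                    depth++;
                    if (depth > max) max = depth;
                    break;
                case ']': case '}':
                    if (depth > 0) depth--;            // tolerate unbalanced input; the parser rejects it later
                    break;
                default: break;
            }
        }
        return max;
    }

    /** Throws before the document is handed to a recursive parser. */
    static void requireShallow(CharSequence json) {
        int d = maxDepth(json);
        if (d > MAX_DEPTH)
            throw new IllegalArgumentException("JSON nesting depth " + d + " exceeds limit " + MAX_DEPTH);
    }

    public static void main(String[] args) {
        // Both inputs are constructed samples.
        String ok = "{\"a\":[1,{\"b\":\"[[[ not nesting ]]]\"}]}";
        String deep = "[".repeat(10_000) + "]".repeat(10_000);
        requireShallow(ok);
        System.out.println("accepted, depth " + maxDepth(ok));
        try { requireShallow(deep); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The guard is a stopgap for inputs that cross a trust boundary; the fix named in the issue remains the upgrade to 2.8.0.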



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
