[jira] [Commented] (FLINK-33571) Bump json-path from 2.7.0 to 2.8.0

Sergey Nuyanzin (Jira) Tue, 26 Nov 2024 10:31:07 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-33571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901278#comment-17901278
 ]


Sergey Nuyanzin commented on FLINK-33571:
-----------------------------------------

Merged to 1.20 as 
[98d1705fca9d6f0d166e4e73cffce7a45a00564e|https://github.com/apache/flink/commit/98d1705fca9d6f0d166e4e73cffce7a45a00564e]

> Bump json-path from 2.7.0 to 2.8.0
> ----------------------------------
>
>                 Key: FLINK-33571
>                 URL: https://issues.apache.org/jira/browse/FLINK-33571
>             Project: Flink
>          Issue Type: Bug
>    Affects Versions: 1.19.0
>            Reporter: Yubin Li
>            Priority: Major
>              Labels: pull-request-available
>
> json-path has critical bugs in 2.7.0 used in flink project, see 
> [https://github.com/json-path/JsonPath/issues/906]
> cve: [https://www.cve.org/CVERecord?id=CVE-2023-1370]
> the current version is vulnerable to Denial of Service (DoS) due to a 
> StackOverflowError when parsing a deeply nested JSON array or object, and the 
> issue has been fixed in 2.8.0.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-33571) Bump json-path from 2.7.0 to 2.8.0

Reply via email to