[ https://issues.apache.org/jira/browse/NIFI-11340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Sampson updated NIFI-11340:
---------------------------------
Fix Version/s: 2.0.0, 1.21.0
> Update net.minidev_json-smart from 2.4.8 to 2.4.9
> -------------------------------------------------
>
> Key: NIFI-11340
> URL: https://issues.apache.org/jira/browse/NIFI-11340
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.20.0
> Reporter: Phil Lee
> Priority: Major
> Fix For: 2.0.0, 1.21.0
>
>
> Update net.minidev_json-smart from 2.4.8 to 2.4.9. This will remediate
> 6.0.0. This will remediate [https://nvd.nist.gov/vuln/detail/CVE-2023-1370]
> Twistlock scan reported this as a high-severity vulnerability in NiFi Registry
> 1.20.0.
> Impacted versions: <2.4.9
> Discovered: less than an hour ago
> Published: 8 hours ago
> [Json-smart](https://netplex.github.io/json-smart/) is a performance-focused
> JSON processor lib. When reaching a '[' or '{' character in the JSON input,
> the code parses an array or an object respectively. It was discovered that
> the code does not have any limit to the nesting of such arrays or objects.
> Since the parsing of nested arrays and objects is done recursively, nesting
> too many of them can cause a stack exhaustion (stack overflow) and crash the
> software.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
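The defect described in the ticket is a recursive parser with no bound on array/object nesting. The following is an added Python example (not NiFi or json-smart code) of the mitigation pattern: an iterative depth pre-check, which cannot itself exhaust the stack, placed in front of a recursive parser. The depth limit of 64 is an assumed value chosen for illustration; the limit json-smart 2.4.9 applies is not stated on the page.

```python
# Added example; not code from NiFi or json-smart. Demonstrates bounding
# JSON nesting depth before a recursive parser sees the input.
import json

MAX_DEPTH = 64  # assumed limit for this example; tune per deployment


def json_nesting_depth(text: str) -> int:
    """Maximum nesting depth of '[' / '{' in `text`.

    Brackets inside string literals (including escaped quotes) are
    ignored. The scan is a single loop with no recursion, so it costs
    O(len(text)) and cannot overflow the stack on deeply nested input.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
    return max_depth


def safe_loads(text: str, max_depth: int = MAX_DEPTH):
    """Reject over-nested documents before handing them to json.loads."""
    depth = json_nesting_depth(text)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(text)


def unguarded_parse_outcome(text: str) -> str:
    """Show what the recursive parser does without the guard. CPython's json
    module counts recursion and raises RecursionError instead of crashing;
    a parser without that counter (the json-smart versions in the ticket)
    would hit a native stack overflow instead."""
    try:
        json.loads(text)
        return "parsed"
    except RecursionError:
        return "recursion limit hit"
```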