[JOC-1663] Update parsson to version 1.0.5 due to 3rd party vulnerability CVE-2023-4043 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.5, 2.6.2
Fix Version/s: 2.5.6, 2.6.3
Component/s: None
Labels:
None

CVE-ID:
CVE-2023-4043

Description

Current Situation

JS7 JOC Cockpit ships with 3rd party library parsson v1.0.0.
A vulnerability affects this version.
- https://nvd.nist.gov/vuln/detail/CVE-2023-4043

Impact

We rate the impact to our software as very low as our implementation does not make use of the parsson library for parsing. This library is only used by 3rd party library jersey-media-moxy internally.

Desired Behavior

JS7 JOC Cockpit should use version 1.0.5 which fixes the vulnerability.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pramokshi Narawariya

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06 November 2023 11:46

Updated:: 09 November 2023 13:53

Resolved:: 06 November 2023 11:50