Details
-
Fix
-
Status: Released (View Workflow)
-
Minor
-
Resolution: Fixed
-
2.5.5, 2.6.2
-
None
-
None
-
CVE-2023-4043
Description
Current Situation
- JS7 JOC Cockpit ships with 3rd party library parsson v1.0.0.
- A vulnerability affects this version.
Impact
We rate the impact to our software as very low as our implementation does not make use of the parsson library for parsing. This library is only used by 3rd party library jersey-media-moxy internally.
Desired Behavior
JS7 JOC Cockpit should use version 1.0.5 which fixes the vulnerability.