com.jayway.jsonpath:json-path is vulnerable to a buffer overflow per ([CVE-2023-51074](https://www.cve.org/CVERecord?id=CVE-2023-51074)).

We are using 2.7.18 and this is being flagged by our SCA tool.

Please upgrade json-path to 2.9.0.

json-path/JsonPath#973

Thank you.
Thanks. We're aware of the CVE and considering what to do here. In the meantime, please be aware that:

- Spring Boot 2.7.x is out of OSS support and the earliest generally available release in which an upgrade to json-path 2.9.0 could be made would be a 3.1.x release.
- You can override the version in your build using the `json-path.version` property.
- The situations in which you may actually be vulnerable are quite limited. Some further investigation of the flag raised by your SCA tool may identify it as a false alarm.
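Checking what the build actually resolves, as an added example that is not part of the issue thread or of Spring Boot: the script below parses `mvn dependency:tree` output (a constructed sample, not the reporter's build) and reports each resolved json-path version, its scope and the dependency path that pulled it in, so an SCA flag or a `json-path.version` override can be checked against the real dependency graph rather than the declared Spring Boot version.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `mvn dependency:tree` output; versions and scopes are illustrative.
SAMPLE_TREE = r"""[INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.18:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-json:jar:2.7.18:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.7.18:test
[INFO]    +- com.jayway.jsonpath:json-path:jar:2.7.0:test
[INFO]    |  \- net.minidev:json-smart:jar:2.4.11:test
[INFO]    \- org.assertj:assertj-core:jar:3.22.0:test
[INFO] BUILD SUCCESS
"""

# A tree line is "[INFO] " + glyph columns ("+- ", "\- ", "|  ", "   ") + Maven coordinates.
LINE_RE = re.compile(r"^\[INFO\] (?P<prefix>[ |+\\-]*)(?P<coord>[A-Za-z][^\s]*)$")


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric components only, so 2.9.0 > 2.7.18 and a -SNAPSHOT suffix is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def parse_dependency_tree(tree_text: str) -> List[Dict]:
    """Return every node as {group, artifact, version, scope, path}; path lists ancestor artifactIds."""
    nodes: List[Dict] = []
    stack: List[str] = []  # ancestor artifactIds, indexed by tree depth
    for line in tree_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # plugin banner, BUILD SUCCESS and other non-tree lines
        parts = m.group("coord").split(":")  # group:artifact:type:version[:scope]; classifiers not handled
        if len(parts) < 4:
            continue
        depth = len(m.group("prefix")) // 3  # each nesting level adds one 3-character glyph column
        del stack[depth:]
        nodes.append({"group": parts[0], "artifact": parts[1], "version": parts[3],
                      "scope": parts[4] if len(parts) > 4 else None, "path": list(stack)})
        stack.append(parts[1])
    return nodes


def json_path_findings(tree_text: str, fixed_version: str = "2.9.0") -> List[Dict]:
    """Every resolved json-path occurrence, flagged when older than the fixed version."""
    return [dict(n, below_fixed=version_key(n["version"]) < version_key(fixed_version))
            for n in parse_dependency_tree(tree_text)
            if n["group"] == "com.jayway.jsonpath" and n["artifact"] == "json-path"]


if __name__ == "__main__":
    for f in json_path_findings(SAMPLE_TREE):
        print(f"json-path {f['version']} ({f['scope']}) via {' > '.join(f['path'])}: below_fixed={f['below_fixed']}")
```

Run `mvn dependency:tree` in the project and feed its output to `json_path_findings`; a finding whose only path is through a test-scoped starter tells you the library is not on the runtime classpath, which is the kind of context an SCA tool's flag usually lacks.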
Title changed on Jan 30, 2024 from "com.jayway.jsonpath:json-path is vulnerable to Buffer Overflow: CVE-2023-51074" to "json-path is vulnerable to CVE-2023-51074".