Skip to content

CVE-2024-57699 High: Fix json-smart vulnerability #3484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 28, 2025
Merged

CVE-2024-57699 High: Fix json-smart vulnerability #3484

merged 1 commit into from
Mar 28, 2025

Conversation

@LantaoJin
Copy link
Member

@LantaoJin LantaoJin commented Mar 28, 2025
edited
Loading

Description

Vulnerable Library - json-smart-2.5.0.jar
Found in base branch: main
https://advisories.opensearch.org/advisories/CVE-2024-57699

Related Issues

Resolves #3485

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • New functionality has javadoc added.
  • New functionality has a user manual doc added.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@LantaoJin
CVE-2024-57699: Fix json-smart vulnerability
2b6e883 
Signed-off-by: Lantao Jin <ltjin@amazon.com>
@LantaoJin LantaoJin marked this pull request as ready for review March 28, 2025 06:43
@LantaoJin
Copy link
Member Author

ping @penghuo @dai-chen @noCharger

@LantaoJin LantaoJin added Security calcite calcite migration releated labels Mar 28, 2025
dai-chen
dai-chen approved these changes Mar 28, 2025
View reviewed changes
Copy link
Collaborator

@dai-chen dai-chen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

@noCharger noCharger merged commit ec2e354 into opensearch-project:main Mar 28, 2025
24 checks passed
@xinyual xinyual mentioned this pull request Jun 11, 2025
Merged
7 tasks
penghuo pushed a commit that referenced this pull request Jun 16, 2025
@LantaoJin @xinyual
CVE-2024-57699: Fix json-smart vulnerability (#3484)
d25b043 
Signed-off-by: Lantao Jin <ltjin@amazon.com>
Signed-off-by: xinyual <xinyual@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@noCharger noCharger noCharger approved these changes

@dai-chen dai-chen dai-chen approved these changes

@ps48 ps48 Awaiting requested review from ps48 ps48 is a code owner

@kavithacm kavithacm Awaiting requested review from kavithacm kavithacm is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@YANG-DB YANG-DB Awaiting requested review from YANG-DB YANG-DB is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@Swiddis Swiddis Awaiting requested review from Swiddis Swiddis is a code owner

@penghuo penghuo Awaiting requested review from penghuo penghuo is a code owner

@seankao-az seankao-az Awaiting requested review from seankao-az seankao-az is a code owner

@MaxKsyunz MaxKsyunz Awaiting requested review from MaxKsyunz MaxKsyunz is a code owner

@Yury-Fridlyand Yury-Fridlyand Awaiting requested review from Yury-Fridlyand Yury-Fridlyand is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@forestmvey forestmvey Awaiting requested review from forestmvey forestmvey is a code owner

@acarbonetto acarbonetto Awaiting requested review from acarbonetto acarbonetto is a code owner

@GumpacG GumpacG Awaiting requested review from GumpacG GumpacG is a code owner

@ykmr1224 ykmr1224 Awaiting requested review from ykmr1224 ykmr1224 is a code owner

Assignees

No one assigned

Labels

calcite calcite migration releated Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CVE] CVE-2024-57699 High: Fix json-smart vulnerability

3 participants

@LantaoJin @noCharger @dai-chen