Vulnerable Library - json-path-2.8.0.jar
A library to query and verify JSON
Library home page: https://github.com/jayway/JsonPath
Path to dependency file: /springboot-basic/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jayway.jsonpath/json-path/2.8.0/b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160/json-path-2.8.0.jar
Vulnerabilities
| CVE |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (json-path version) |
Remediation Possible** |
| CVE-2023-51074 |
 Medium |
5.3 |
json-path-2.8.0.jar |
Direct |
com.jayway.jsonpath:json-path:2.9.0 |
✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-51074
Vulnerable Library - json-path-2.8.0.jar
A library to query and verify JSON
Library home page: https://github.com/jayway/JsonPath
Path to dependency file: /springboot-basic/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jayway.jsonpath/json-path/2.8.0/b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160/json-path-2.8.0.jar
Dependency Hierarchy:
- ❌ json-path-2.8.0.jar (Vulnerable Library)
Found in base branch: main
Vulnerability Details
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
Publish Date: 2023-12-27
URL: CVE-2023-51074
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-51074
Release Date: 2023-12-27
Fix Resolution: com.jayway.jsonpath:json-path:2.9.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
A library to query and verify JSON
Library home page: https://github.com/jayway/JsonPath
Path to dependency file: /springboot-basic/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jayway.jsonpath/json-path/2.8.0/b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160/json-path-2.8.0.jar
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - json-path-2.8.0.jar
A library to query and verify JSON
Library home page: https://github.com/jayway/JsonPath
Path to dependency file: /springboot-basic/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jayway.jsonpath/json-path/2.8.0/b4ab3b7a9e425655a0ca65487bbbd6d7ddb75160/json-path-2.8.0.jar
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
Publish Date: 2023-12-27
URL: CVE-2023-51074
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-51074
Release Date: 2023-12-27
Fix Resolution: com.jayway.jsonpath:json-path:2.9.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.