json vulnerability(CVE-2022-45688) in ejbca 8.3.1 #701

bhr83 · 2024-11-05T06:51:12Z

bhr83
Nov 5, 2024

I am using ejbca 8.3.1 with wildfly 26.1.3. In the trivy scan report
├──────────────────────────────────────────────────────────────┼────────────────┼──────────┤ ├───────────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤ │ org.json:json (ejbca.ear) │ CVE-2022-45688 │ HIGH │ │ 20220924 │ 20230227 │ json stack overflow vulnerability │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-45688 │ │ ├────────────────┤ │ │ ├─────────────────────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2023-5072 │ │ │ │ 20231013 │ JSON-java: parser confusion leads to OOM │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-5072
I can see json affected version 20220924. But I couldn’t find any JSON library in the EJBCA codebase, nor any reference to JSON in the WildFly pom.xml file.

Answered by primetomas

Nov 5, 2024

We haven't found any reference for CVE-2022-45688 either. There may be false positives, for example see jeremylong/DependencyCheck#5502

View full answer

primetomas · 2024-11-05T08:07:05Z

primetomas
Nov 5, 2024
Maintainer

We haven't found any reference for CVE-2022-45688 either. There may be false positives, for example see jeremylong/DependencyCheck#5502

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

json vulnerability(CVE-2022-45688) in ejbca 8.3.1 #701

{{title}}

Replies: 1 comment

{{title}}

Select a reply

json vulnerability(CVE-2022-45688) in ejbca 8.3.1 #701

bhr83 Nov 5, 2024

Replies: 1 comment

primetomas Nov 5, 2024 Maintainer

bhr83
Nov 5, 2024

primetomas
Nov 5, 2024
Maintainer