It has been reported net.minidev_json-smart jar has a vulnerability.
Release : 12.0
Component : Workload Automation System Agent
The json-smart.jar is specifically used by appservice and webservice plugins.
If you don't use/enable this plugin, you can remove the json-smart.jar manually.
Otherwise, you can update the jar but you need to update the dependent jars as well.
net.minidev:json-smart has dependency on net.minidev:accessors-smart
Both jars can be updated to 2.3.1 version.