We are on 10.7.2 with SP2. Three vulnerabilities were identified related to JSON, and the recommended action is upgrading JSON.
a) S-3722: Allocation of Resources Without Limits or Throttling
b) S-3187: Denial of Service (DoS)
c) S-3594: Denial of Service (DoS)
File Name: json-20140107.jar (org.json:json:20140107)
path: ./lib/shared/json-20140107.jar
File Name: json-20151123.jar (org.json:json:20151123)
CVE: CVE-2023-5072
CVE Description: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-5072
OWASP: https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
High risk vulnerability: 7.5
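The CVE description above gives a concrete ceiling: every org.json `json-YYYYMMDD.jar` at or below 20230618 is affected. The script below is an added example (not part of this advisory or of DevTest) that walks an installation directory, picks out the date-versioned org.json jars, and flags each one against that ceiling, so the `./lib/shared` finding above can be re-checked after the upgrade. The sample tree it builds is constructed for the demonstration: the two vulnerable file names come from this page, and the 20231013 entry is simply a hypothetical version above the ceiling.

```shell
#!/bin/sh
# Added example, not the advisory's own remediation steps.
# Flags org.json "json-<YYYYMMDD>.jar" files affected by CVE-2023-5072.
# The ceiling 20230618 is taken from the CVE description on this page.

VULN_CEILING=20230618

# Print "<path> <version> VULNERABLE|OK" for every json-YYYYMMDD.jar under $1.
scan_json_jars() {
    dir="$1"
    find "$dir" -type f -name 'json-[0-9]*.jar' | sort | while read -r jar; do
        base=$(basename "$jar" .jar)
        ver=${base#json-}
        # Only 8-digit, date-style org.json versions are comparable as integers
        case "$ver" in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        if [ "$ver" -le "$VULN_CEILING" ]; then
            echo "$jar $ver VULNERABLE"
        else
            echo "$jar $ver OK"
        fi
    done
}

# Print the number of vulnerable jars under $1; exit status 1 if there are any,
# so the function can gate a CI or post-upgrade check.
count_vulnerable() {
    n=$(scan_json_jars "$1" | grep -c ' VULNERABLE$' || true)
    echo "$n"
    [ "$n" -eq 0 ]
}

# Constructed sample layout for the demonstration (empty placeholder files).
# The two lib/shared names are the jars listed on this page; 20231013 is a
# hypothetical version above the ceiling, not a claim about any release.
make_sample_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/lib/shared" "$tmp/lib/other"
    : > "$tmp/lib/shared/json-20140107.jar"
    : > "$tmp/lib/shared/json-20151123.jar"
    : > "$tmp/lib/other/json-20231013.jar"
    echo "$tmp"
}

# Usage: sh scan_json_jars.sh /path/to/DevTest
if [ $# -gt 0 ]; then
    scan_json_jars "$1"
    count_vulnerable "$1" > /dev/null
fi
```

Run it against the DevTest installation root (and against each Workstation) before and after replacing the jar; a non-zero exit from `count_vulnerable` means a jar at or below 20230618 is still on disk. The check is by file name only, so a jar that was renamed or repackaged would need its `META-INF` version inspected instead.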
DevTest 10.7.2
Please follow the below steps to remediate the CVE-2023-5072 vulnerability in DevTest environments:
Note: we recommend applying the fix on the Workstations too by following the above steps.