Security vulnerability CVE-2021-27568 in ROR1.26.1_es7.10.0

Hi Team,

We are using the free version of ROR1.26.1_es7.10.0, and it has the security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-27568 in the json-smart library. Can you please suggest whether there is an updated version that has a better version of json-smart, or whether it can be fixed?

Thanks for the help.

Thanks for the report. We’ll upgrade the lib soon.

Hello Noor, we have updated json-smart library to 2.4.7, which is free from known vulnerabilities. We haven’t released ROR with it yet, but we will do it ASAP.

How did you find that there is a problem with this library? We are using OWASP dependency-check during build to find libraries which could have known vulnerabilities, but it doesn’t find any issue with json-smart. I wonder how we can improve our detection system to catch more issues like that automatically.

It’s released with ROR 1.30.1
