Vulnerability introduced by com.nimbusds:oauth2-oidc-sdk v9.4

`com.nimbusds:oauth2-oidc-sdk v9.4` depends on `net.minidev » json-smart v1.3.3,2.4.2` which introduces below mentioned vulnerability.
https://github.com/AzureAD/azure-activedirectory-library-for-java/blob/72dd774534adefa97c62289747b536ca12e6641c/pom.xml#L70-L74

### Vulnerability details
CVE-2021-31684

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

#### Severity
Medium

#### Recommendation
Upgrade to version net.minidev:json-smart:1.3.3,2.4.5

For ADAL: Upgrade to [com.nimbusds:oauth2-oidc-sdk v9.5+](https://mvnrepository.com/artifact/com.nimbusds/oauth2-oidc-sdk/9.5)



	<dependency>
	<groupId>com.nimbusds</groupId>
	<artifactId>oauth2-oidc-sdk</artifactId>
	<version>9.4</version>
	</dependency>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability introduced by com.nimbusds:oauth2-oidc-sdk v9.4 #309

Vulnerability details

Severity

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability introduced by com.nimbusds:oauth2-oidc-sdk v9.4 #309

Description

Vulnerability details

Severity

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions