Outdated version of cJSON used by aws-cpp-sdk-core contains security vulnerabilities

[dkalinowski]

This project uses cJSON version v1.7.7.
v1.7.11 introduced security issue fix for cJSON_Minify function: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11

CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[Ayse1974]

• 🚴‍♀️@zteckjob

[Ayse1974]

• 🚴‍♀️@zteckjob

●●

[josereyqdabalos0100]

AMAZON CODE:123282.
DATE:2021-06-28.
ACCOUNT NUMBER:172-82512-12311-PRIORITY CODE:ETGTX6QX.
NAME:JOSE REY DABALOS.
CARD ID:#YF087717.
Email: josereyqdabalos0100@gmail.com.

[johny007jaat]

package org.apache.http.entity.mime.content;

public abstract class AbstractContentBody implements ContentBody {
private final String mediaType;
private final String mimeType;
private final String subType;

public AbstractContentBody(String str) {
    if (str != null) {
        this.mimeType = str;
        int indexOf = str.indexOf(47);
        if (indexOf != -1) {
            this.mediaType = str.substring(0, indexOf);
            this.subType = str.substring(indexOf + 1);
            return;
        }
        this.mediaType = str;
        this.subType = null;
        return;
    }
    throw new IllegalArgumentException("MIME type may not be null");
}

public String getMediaType() {
    return this.mediaType;
}

public String getMimeType() {
    return this.mimeType;
}

public String getSubType() {
    return this.subType;
}

} /