Skip to content

Outdated version of cJSON used by aws-cpp-sdk-core contains security vulnerabilities #1594

Closed
@dkalinowski

Description

@dkalinowski

This project uses cJSON version v1.7.7.
v1.7.11 introduced security issue fix for cJSON_Minify function: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11

CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.

Metadata

Metadata

Assignees

No one assigned

    Labels

    pending-releaseThis issue will be fixed by an approved PR that hasn't been released yet.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions