False positive for CVE-2024-57699 (json-smart 2.5.2) #84
Description
It seems that https://github.com/netplex/json-smart-v2/ 2.5.2 is still marked as containing CVE-2024-57699:
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit-dependencies) on project fscrawler-framework: Detected 1 vulnerable components:
Error: net.minidev:json-smart:jar:2.5.2:runtime; https://ossindex.sonatype.org/component/pkg:maven/net.minidev/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2024-57699] CWE-674: Uncontrolled Recursion (8.7); https://ossindex.sonatype.org/vulnerability/CVE-2024-57699?component-type=maven&component-name=net.minidev%2Fjson-smart&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Although https://ossindex.sonatype.org/vulnerability/CVE-2024-57699 says:
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1.