You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High severity
GitHub Reviewed
Published
Mar 31, 2023
in
karatelabs/karate
•
Updated Apr 4, 2023
Summary
Karate has vulnerable dependency on the package net.minidev:json-smart. More information is available at GHSA-493p-pfq6-5258.
How to fix it
Very simple, just upgrade json-path package to 2.8.0 (from 2.7.0) inside karate-core pom.xml ;)
References