{"url":"http://public2.vulnerablecode.io/api/packages/380929?format=json","purl":"pkg:maven/com.intuit.karate/karate-core@1.3.1","type":"maven","namespace":"com.intuit.karate","name":"karate-core","version":"1.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.0","latest_non_vulnerable_version":"1.4.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361018?format=json","vulnerability_id":"VCID-dcwe-x8hx-uyd6","summary":"Karate has vulnerable dependency on json-smart package (CVE-2023-1370)\n### Summary\nThe CVE \n![image](https://user-images.githubusercontent.com/2663049/229081854-1155c041-56fa-48ca-a7ff-f2f085b845fd.png)\n\n\n### How to fix it\nVery simple, just upgrade json-path package to 2.8.0 (from 2.7.0) inside karate-core pom.xml ;)","references":[{"reference_url":"https://github.com/karatelabs/karate","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/karatelabs/karate"},{"reference_url":"https://github.com/karatelabs/karate/security/advisories/GHSA-5x5q-8cgm-2hjq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/karatelabs/karate/security/advisories/GHSA-5x5q-8cgm-2hjq"},{"reference_url":"https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1370","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1370"},{"reference_url":"https://github.com/advisories/GHSA-5x5q-8cgm-2hjq","reference_id":"GHSA-5x5q-8cgm-2hjq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5x5q-8cgm-2hjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380930?format=json","purl":"pkg:maven/com.intuit.karate/karate-core@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.intuit.karate/karate-core@1.4.0"}],"aliases":["GHSA-5x5q-8cgm-2hjq","GMS-2023-970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcwe-x8hx-uyd6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.intuit.karate/karate-core@1.3.1"}