There are 2 open security issues in bookworm.
1 important issue:
- CVE-2024-47855:
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
1 issue left for the package maintainer to handle:
- CVE-2023-5072:
(needs triaging)
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
You can find information about how to handle this issue in the security team's documentation.