CVEs Impacting Insight

The following is a list of CVEs that were discovered to impact Insight and were fixed.

CVE	Severity	Insight Fix Version	Fix Description
CVE-2022-45688	High	1.14.0	Upgraded `org.json`.
CVE-2023-1370	High	1.13.5	Upgraded `json-smart` to version 2.4.9.
CVE-2022-42003	High	1.13.5	Upgraded `jackson-databind` to version 2.13.4.2.
CVE-2022-45143	High	1.13.3	Upgraded `tomcat-embed-core` to version 9.0.69.
CVE-2022-31692	Critical	1.13.0	Upgraded `spring-security-web` to version 5.7.5. Upgraded `spring-bootcore` to version 2.7.5.
CVE-2022-23181	High	1.7.0	`tomcat-embed-core`, has been upgraded to version 9.0.58.
CVE-2021-22060	Medium	1.6.0	Upgraded `spring-web` to version 5.3.14.
CVE-2021-42550	Medium	1.5.0	Upgraded `logback`version to 1.2.9.
CVE-2021-22096	Medium	1.4.0	Upgraded `spring-web` to version 5.3.12.