This is a vulnerability disclosure. Please update to
com.mikesamuel:json-sanitizer:1.2.2
available at
https://search.maven.org/artifact/com.mikesamuel/json-sanitizer/1.2.2/jarOWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and
CDATA section delimiters for crafted input. This allows an
attacker to inject arbitrary HTML or XML into embedding documents.
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an
undeclared exception for crafted input. This may lead to
denial of service if the application is not prepared to handle these
situations.
CVE-2021-23899. CVE-2021-23900