GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling

GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

GHSA-r5vf-wf4h-82gg: matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

### Summary
Karate has vulnerable dependency on the package [net.minidev:json-smart](https://github.com/netplex/json-smart-v1). More information is available at https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258.

![image](https://user-images.githubusercontent.com/2663049/229081854-1155c041-56fa-48ca-a7ff-f2f085b845fd.png)


### How to fix it
Very simple, just upgrade json-path package to 2.8.0 (from 2.7.0) inside karate-core pom.xml ;)


**Karate has vulnerable dependency on json-smart package (CVE-2023-1370)**

High severity GitHub Reviewed Published Mar 31, 2023 in karatelabs/karate • Updated Mar 31, 2023

Headline

GHSA-5x5q-8cgm-2hjq: Karate has vulnerable dependency on json-smart package (CVE-2023-1370)

Summary

How to fix it

ghsa: Latest News