From b2d7e007a6914d8b23519a3727b92f8a1cbd18bd Mon Sep 17 00:00:00 2001
From: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Date: Fri, 15 Dec 2023 17:04:48 +0200
Subject: [PATCH] Fix CVE 2023-1370 (#1521)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
---
 pom.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7b5df80e8..b93b651eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,8 +162,6 @@
       <spring.boot.version>2.7.18</spring.boot.version>
       <spring.cloud.version>2021.0.8</spring.cloud.version>
       <spring.plugin.core.version>2.0.0.RELEASE</spring.plugin.core.version>
-      <!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
-      <spring.security.oauth2.client.version>5.7.11</spring.security.oauth2.client.version>
 
       <!-- Swagger Support -->
       <springdoc-openapi.version>1.7.0</springdoc-openapi.version>
@@ -853,11 +851,13 @@
             <artifactId>spring-plugin-core</artifactId>
             <version>${spring.plugin.core.version}</version>
          </dependency>
-         <!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
+
+         <!-- CVE-2023-1370 Remove after Spring 3.0.0 migration -->
          <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-client</artifactId>
-            <version>${spring.security.oauth2.client.version}</version>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+            <version>5.8.8</version>
+            <scope>compile</scope>
          </dependency>
 
          <!-- Swagger Support -->