Recently, when running the OWASP Dependency-Check tool on my project, both android-json-0.0.20131108.vaadin1.jar and jackson-core-2.16.0.jar were flagged with CVE-2023-5072. However, I couldn’t find much recent information about this CVE other than a GitHub issue related to JSON-Java (https://github.com/jeremylong/DependencyCheck/issues/5991).