diff --git a/isthmus/build.gradle.kts b/isthmus/build.gradle.kts
index 82046724..09ac023e 100644
--- a/isthmus/build.gradle.kts
+++ b/isthmus/build.gradle.kts
@@ -81,6 +81,10 @@ val PROTOBUF_VERSION = properties.get("protobuf.version")
 dependencies {
   implementation(project(":core"))
   implementation("org.apache.calcite:calcite-core:${CALCITE_VERSION}")
+  // calcite-core 1.37.0 brings in net.minidev:json-smart:2.5.0 which has a CVE associated with it.
+  // See: https://osv.dev/vulnerability/GHSA-pq2g-wx69-c263
+  // This causes the build to fail. Pull in the fixed version until Calcite is updated
+  implementation("net.minidev:json-smart:2.5.2")
   implementation("org.apache.calcite:calcite-server:${CALCITE_VERSION}")
   testImplementation("org.junit.jupiter:junit-jupiter:${JUNIT_VERSION}")
   implementation("org.reflections:reflections:0.9.12")