JSONPath Plus Remote Code Execution (RCE) Vulnerability
by niel on 10/21/2024, 12:25:14 PM
JSONPath-Plus is a widely used [0] JavaScript package to query JSON objects with the JSONPath query language.
Recent versions allow trivial RCE. [1]
[0] 800+ direct dependants https://www.npmjs.com/package/jsonpath-plus?activeTab=depend...
[1] https://github.com/JSONPath-Plus/JSONPath/issues/226