
JSONPath Plus Remote Code Execution (RCE) Vulnerability

by niel on 10/21/2024, 12:25:14 PM with 1 comments
  • by niel on 10/21/2024, 12:25:14 PM

    JSONPath-Plus is a widely used [0] JavaScript package to query JSON objects with the JSONPath query language.

    Recent versions allow trivial RCE. [1]

    [0] 800+ direct dependants https://www.npmjs.com/package/jsonpath-plus?activeTab=depend...
    [1] https://github.com/JSONPath-Plus/JSONPath/issues/226