Skip to content

CVE-2024-21534 - JSONPath Plus Remote Code Execution (RCE) Vulnerability #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
drouian-m opened this issue Oct 15, 2024 · 3 comments
Closed

CVE-2024-21534 - JSONPath Plus Remote Code Execution (RCE) Vulnerability #380

drouian-m opened this issue Oct 15, 2024 · 3 comments

Comments

@drouian-m
Copy link

Hi,

The jsonpath-plus module contains a 9.3/10 vulnerability about remote code execution.

CVE details : GHSA-pppg-cpfq-h7wr

The module vulnerability seems fixed in 10.xx versions.
@PradiptoG
Copy link

Hi,
Any update on this? This is blocking our release.
Thanks

@drouian-m
Copy link
Author

There is a PR in progress to patch the CVE : #379

@CacheControl CacheControl mentioned this issue Oct 24, 2024
Closed
@chris-pardy
Copy link
Collaborator

Resolved in v7.0.0 see #386

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chris-pardy @PradiptoG @drouian-m