Lucene search

K
githubGitHub Advisory DatabaseGHSA-PFH2-HFMQ-PHG5
HistoryDec 27, 2023 - 9:31 p.m.

json-path Out-of-bounds Write vulnerability

2023-12-2721:31:01
CWE-787
GitHub Advisory Database
github.com
58
vulnerability
software
stack overflow
`criteria.parse()`

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.

Affected configurations

Vulners
Node
com.jayway.jsonpath\jsonMatchpath
CPENameOperatorVersion
com.jayway.jsonpath:json-pathlt2.9.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%