Lucene search
+L

24 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:48 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-0.19.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-0.19.0.tgz Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can...

9.8CVSS7.8AI score0.09017EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/21 8:18 p.m.12 views

Security Bulletin: Vulnerability in IBM Cloud Pak for Multicloud Management

Summary A vulnerability in IBM Cloud Pak for Multicloud Management has been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

9.8CVSS9.9AI score0.09017EPSS
Exploits4Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/15 6:30 a.m.37 views

JSONPath Plus allows Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS7.7AI score0.10224EPSS
Exploits5References7Affected Software1
OSV
OSV
added 2025/02/15 6:30 a.m.12 views

GHSA-HW8R-X6GR-5GJP JSONPath Plus allows Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS10AI score0.10224EPSS
Exploits8References7
vulnersOsv
vulnersOsv
added 2025/02/15 6:30 a.m.14 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3057 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

9.8CVSS7.1AI score0.10224EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.76 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)

Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

9.8CVSS7.3AI score0.09017EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.32 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus CVE-2024-21534 and cookie CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package...

9.8CVSS7.6AI score0.09017EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

9.8CVSS7.2AI score0.09017EPSS
Exploits4Affected Software1
Snyk
Snyk
added 2025/01/10 1:6 a.m.7 views

Remote Code Execution (RCE)

Overview jsonpath-plus is an A JS implementation of JSONPath with some additional operators Affected versions of this package are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usag...

9.8CVSS7.8AI score0.10224EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2024/11/28 5:47 p.m.566 views

Exploit for CVE-2024-21534

POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code E...

9.8CVSS8.2AI score0.09017EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/26 9:40 a.m.64 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

9.8CVSS9.1AI score0.66582EPSS
Exploits16Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/25 7:44 p.m.39 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...

10CVSS7.1AI score0.09017EPSS
Exploits7References10
GithubExploit
GithubExploit
added 2024/11/23 5:54 a.m.401 views

Exploit for CVE-2024-21534

Vulnerability Information: CVE-2024-21534 The jsonpath-plus...

9.8CVSS8AI score0.09017EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/15 9:28 a.m.18 views

Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution

Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...

9.8CVSS7.4AI score0.09017EPSS
Exploits4Affected Software1
Circl
Circl
added 2024/11/13 11:34 a.m.6 views

CVE-2024-21534

creationtimestamp| type| source ---|---|--- 2024-11-13 11:34:23+00:00| published-proof-of-concept| Telegram/WDhF5XevgqviS8KCjmZ87T-69AWAI0o-KreZtmExyTW4 2024-11-25 06:25:50+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9172 2024-11-28 18:27:39+00:00| published-proof-of-concept|...

9.8CVSS7.8AI score0.09017EPSS
Exploits4References10
GithubExploit
GithubExploit
added 2024/11/13 7:56 a.m.801 views

Exploit for CVE-2024-21534

CVE-2024-21534: Remote Code Execution Vulnerability in jsonpa...

9.8CVSS8.3AI score0.09017EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2024/10/12 3:3 a.m.5 views

SUSE CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8CVSS8.6AI score0.09017EPSS
Exploits4References3
vulnersOsv
vulnersOsv
added 2024/10/11 3:30 p.m.9 views

org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)

org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...

9.8CVSS7.1AI score0.09017EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2024/10/11 3:30 p.m.8 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2896 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

9.8CVSS7.1AI score0.09017EPSS
Exploits4
NVD
NVD
added 2024/10/11 1:15 p.m.25 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8CVSS0.09017EPSS
Exploits4References4
Rows per page
Query Builder