24 matches found
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-0.19.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-0.19.0.tgz Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can...
Security Bulletin: Vulnerability in IBM Cloud Pak for Multicloud Management
Summary A vulnerability in IBM Cloud Pak for Multicloud Management has been delivered in a HotFix for 2.3 FP9 Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
JSONPath Plus allows Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
GHSA-HW8R-X6GR-5GJP JSONPath Plus allows Remote Code Execution
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3057 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)
Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus CVE-2024-21534 and cookie CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...
Remote Code Execution (RCE)
Overview jsonpath-plus is an A JS implementation of JSONPath with some additional operators Affected versions of this package are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usag...
Exploit for CVE-2024-21534
POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code E...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release
Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...
Exploit for CVE-2024-21534
Vulnerability Information: CVE-2024-21534 The jsonpath-plus...
Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution
Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...
CVE-2024-21534
creationtimestamp| type| source ---|---|--- 2024-11-13 11:34:23+00:00| published-proof-of-concept| Telegram/WDhF5XevgqviS8KCjmZ87T-69AWAI0o-KreZtmExyTW4 2024-11-25 06:25:50+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9172 2024-11-28 18:27:39+00:00| published-proof-of-concept|...
Exploit for CVE-2024-21534
CVE-2024-21534: Remote Code Execution Vulnerability in jsonpa...
SUSE CVE-2024-21534
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...
org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)
org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2896 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...
CVE-2024-21534
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...