Lucene search
K

11 matches found

OSV
OSV
added 2026/06/10 11:45 a.m.9 views

ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

9.8CVSS5.4AI score0.10701EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 11:5 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-10.2.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-10.2.0.tgz Vulnerability Details CVEID:CVE-2025-1302 DESCRIPTION: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacke...

9.8CVSS7.5AI score0.10701EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 4:7 p.m.21 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Remote Code Execution RCE and improper preservation of permissions due to jsonpath-plus & snowflake-sdk. Vulnerabilit...

9.8CVSS8.4AI score0.10701EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/19 2:5 a.m.20 views

Security Bulletin:IBM Event Streams is vulnerable to Remote Code Execution (RCE) attack due to the jsonpath-plus ( CVE-2025-1302).

Summary IBM Event Streams is vulnerable to Remote Code Execution RCE due to the jsonpath-plus package, which is typically used for querying and extracting specific data from complex JSON documents, helping in parsing message payloads, filtering data within topics, and extracting specific fields f...

9.8CVSS7.5AI score0.10701EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 5:56 p.m.15 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]

Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...

9.8CVSS8.4AI score0.10701EPSS
Exploits5Affected Software1
GithubExploit
GithubExploit
added 2025/02/25 8:36 a.m.489 views

Exploit for CVE-2025-1302

CVE-2025-1302 ★ CVE-2025-1302 JSONPath-plus RCE PoC ★ https...

9.8CVSS8.2AI score0.10701EPSS
Exploits8
vulnersOsv
vulnersOsv
added 2025/02/15 6:30 a.m.14 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3057 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

9.8CVSS7.1AI score0.10701EPSS
Exploits8
Wolfi
Wolfi
added 2025/02/15 5:15 a.m.14 views

CVE-2025-1302 vulnerabilities

Vulnerabilities for packages: prism, kubeflow-pipelines, kubeflow-centraldashboard...

9.8CVSS7.2AI score0.10701EPSS
Exploits5
Circl
Circl
added 2025/02/15 5:6 a.m.12 views

CVE-2025-1302

creationtimestamp| type| source ---|---|--- 2025-02-15 05:06:08+00:00| seen| https://infosec.exchange/users/cve/statuses/114006161366925881 2025-02-15 05:15:34+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li6xkquhej27 2025-02-15 06:48:21+00:00| seen|...

9.8CVSS7.3AI score0.10701EPSS
In wildExploits5References19
OSV
OSV
added 2025/02/15 5:0 a.m.32 views

CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.3CVSS7.7AI score0.10701EPSS
Exploits5References6
Vulnrichment
Vulnrichment
added 2025/02/15 5:0 a.m.9 views

CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS10AI score0.10701EPSS
Exploits5References4
Rows per page
Query Builder