11 matches found
ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root
Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-10.2.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-10.2.0.tgz Vulnerability Details CVEID:CVE-2025-1302 DESCRIPTION: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacke...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)
Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Remote Code Execution RCE and improper preservation of permissions due to jsonpath-plus & snowflake-sdk. Vulnerabilit...
Security Bulletin:IBM Event Streams is vulnerable to Remote Code Execution (RCE) attack due to the jsonpath-plus ( CVE-2025-1302).
Summary IBM Event Streams is vulnerable to Remote Code Execution RCE due to the jsonpath-plus package, which is typically used for querying and extracting specific data from complex JSON documents, helping in parsing message payloads, filtering data within topics, and extracting specific fields f...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]
Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...
Exploit for CVE-2025-1302
CVE-2025-1302 ★ CVE-2025-1302 JSONPath-plus RCE PoC ★ https...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3057 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...
CVE-2025-1302 vulnerabilities
Vulnerabilities for packages: prism, kubeflow-pipelines, kubeflow-centraldashboard...
CVE-2025-1302
creationtimestamp| type| source ---|---|--- 2025-02-15 05:06:08+00:00| seen| https://infosec.exchange/users/cve/statuses/114006161366925881 2025-02-15 05:15:34+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li6xkquhej27 2025-02-15 06:48:21+00:00| seen|...
CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...