JSONPath Plus < 10.3.0 - Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS

Description The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into pregmatch: php 'match' = @pregmatch\sprintf'/^%s$/u', $this-transformJsonPathRegex$argList1, $value, 'search' = @pregmatch"/$this-transformJsonPathRegex$argList1/u", $value,...

GHSA-8V8V-G73J-492J Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS

Description The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into pregmatch: php 'match' = @pregmatch\sprintf'/^%s$/u', $this-transformJsonPathRegex$argList1, $value, 'search' = @pregmatch"/$this-transformJsonPathRegex$argList1/u", $value,...

PT-2026-44728

Description The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into preg match: php 'match' = @preg matchsprintf'/^%s$/u', $this-transformJsonPathRegex$argList1, $value, 'search' = @preg match"/$this-transformJsonPathRegex$argList1/u", $value,...

Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)

Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: CVE-2026-27606: Fix arbitrary file write via path traversal in rollup bsc1258893 Bump rollup to version 4.59.0 Drop SLE 12 support jscPED-15474 CVE-2026-25547: Fix unbounded brace range expansion leading to excessive CPU...

Spring AI 1.0.x < 1.0.4 / 1.1.x < 1.1.3 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.4 or 1.1.x prior to 1.1.3. It is, therefore, affected by multiple vulnerabilities: - A JSONPath injection vulnerability in AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access...

python311-jsonpath-ng-1.8.0-1.1 on GA media (moderate)

python311-jsonpath-ng-1.8.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10418-1 Rating: moderate Cross-References: CVE-2025-56005 CVSS scores: CVE-2025-56005 SUSE : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-56005 SUSE : 8.5...

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to remote code execution (CVE-2026-1615)

Summary Node.js module jsonpath is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in...

OPENSUSE-SU-2026:10418-1 python311-jsonpath-ng-1.8.0-1.1 on GA media

These are all security issues fixed in the python311-jsonpath-ng-1.8.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-30873

A flaw was found in the jsonpath component of the OpenWrt Project. The jpgettoken function, which processes input expressions, contains a memory leak vulnerability. This occurs when dynamically allocated memory used for extracting string literals, field labels, or regular expressions is not...

CVE-2026-30873

OpenWrt Project: memory leak in jp_get_token when extracting string literals, field labels, and regular expressions via dynamic memory. The leaked memory occurs when transferring results from an initial jp_opcode to a newly allocated one during jp_alloc_op, where the original memory is not freed....

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

GHSA-RP9G-QX29-88CP JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVE-2026-22729

Spring AI’s AbstractFilterExpressionConverter is vulnerable to a JSONPath injection, where user-controlled input in FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping. This can allow authenticated users to bypass metadata-based access controls and access unautho...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability; this vulnerability stems from the AbstractFilterExpressionConverter,...