
128 matches found

vulnersOsv
added 2024/10/11 3:30 p.m. · 4 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2898 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

CVSS 9.8 · AI score 7.1 · EPSS 0.92707
Exploits 4

vulnersOsv
added 2024/10/11 3:30 p.m. · 5 views

org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)

org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...

CVSS 9.8 · AI score 7.1 · EPSS 0.92707
Exploits 4

OSV
added 2024/10/11 1:15 p.m. · 18 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

CVSS 9.8 · AI score 9.7
Exploits 0 · References 4

NVD
added 2024/10/11 1:15 p.m. · 19 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

CVSS 9.8 · EPSS 0.92707
Exploits 4 · References 4

RedhatCVE
added 2024/10/11 8:24 a.m. · 25 views

CVE-2024-21534

A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for...

CVSS 9.8 · AI score 10 · EPSS 0.92707
Exploits 4 · References 5

CVE
added 2024/10/11 5:00 a.m. · 378 views

CVE-2024-21534

CVE-2024-21534 - JSONPath Plus vulnerability allows Remote Code Execution due to unsafe vm usage and improper input sanitization. Affected: jsonpath-plus package in node environments. Root cause: unsafe default usage of Node.js vm and inadequate input sanitization enables arbitrary code execution...

CVSS 9.8 · AI score 9.7 · EPSS 0.92707
In wild · Exploits 4 · References 4

Vulnrichment
added 2024/10/11 5:00 a.m. · 15 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

CVSS 9.8 · AI score 9.7 · EPSS 0.92707
Exploits 4 · References 4

Cvelist
added 2024/10/11 5:00 a.m. · 240 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

CVSS 9.8 · EPSS 0.92707
Exploits 4 · References 4

CNNVD
added 2024/10/11 12:00 a.m. · 1 view

JSONPath Plus Security Vulnerability

JSONPath Plus is an open source library for JSONPath Plus. A security vulnerability exists in JSONPath Plus versions prior to 10.0.0 that stems from improper input cleanup and is susceptible to a Remote Code Execution (RCE) attack, which can be exploited by an attacker to execute arbitrary code on ...

CVSS 9.8 · AI score 8 · EPSS 0.92707
Exploits 4 · References 9

Positive Technologies
added 2024/10/10 12:00 a.m. · 5 views

PT-2024-18948

Name of the Vulnerable Software and Affected Versions: jsonpath-plus versions prior to 10.0.7. Description: The issue is related to Remote Code Execution (RCE) due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm ...

CVSS 9.8 · AI score 8.1 · EPSS 0.92707
Exploits 8 · References 36

NVD
added 2024/09/26 8:15 p.m. · 7 views

CVE-2024-47180

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · EPSS 0.03964
Exploits 0 · References 4

Cvelist
added 2024/09/26 7:21 p.m. · 16 views

CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · EPSS 0.03964
Exploits 0 · References 4

Vulnrichment
added 2024/09/26 7:21 p.m. · 15 views

CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · AI score 7.7 · EPSS 0.03964
Exploits 0 · References 4

OSV
added 2024/09/26 7:21 p.m. · 6 views

CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

CVSS 8.8 · AI score 7.7 · EPSS 0.03964
Exploits 0 · References 6

CVE
added 2024/09/26 7:21 p.m. · 42 views

CVE-2024-47180

CVE-2024-47180 affects Shields.io self-hosted instances using versions before server-2024-09-25. The vulnerability arises from the JSONPath library used by Dynamic JSON/TOML/YAML badges, enabling remote code execution if a crafted JSONPath expression is requested. Impact is remote code execution ...

CVSS 8.8 · AI score 8.8 · EPSS 0.03964
Exploits 0 · References 4

Positive Technologies
added 2024/09/26 12:00 a.m. · 5 views

PT-2024-32462 · Jsonpath +1

Name of the Vulnerable Software and Affected Versions: Shields.io versions prior to server-2024-09-25 Description: The issue concerns a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability allows any user with access to make a reque...

CVSS 8.8 · AI score 7.4 · EPSS 0.03964
Exploits 0 · References 9

Snyk
added 2024/09/10 2:03 p.m. · 3 views

Remote Code Execution (RCE)

Overview: jsonpath-plus is a JS implementation of JSONPath with some additional operators. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usag...

CVSS 9.8 · AI score 8 · EPSS 0.92707
Exploits 4 · References 2

BDU FSTEC
added 2024/04/26 12:00 a.m. · 1 view

The vulnerability of the Criteria.parse() function in the Java library JsonPath, which allows an attacker to trigger a service failure

The vulnerability of the Criteria.parse function in the Java JsonPath library is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.3 · AI score 7 · EPSS 0.00116
Exploits 1 · References 6 · Affected Software 4

vulnersOsv
added 2023/12/27 9:31 p.m. · 3 views

africa.absa:inception-test (>=1.0.0 <=1.2.0), ai.apiverse:apipulse (=1.0.1) +9473 more potentially affected by CVE-2023-51074 via com.jayway.jsonpath:json-path (>=2.2.0 <=2.8.0)

com.jayway.jsonpath:json-path MAVEN version =2.2.0, =1.0.0, =0.0.2, =0.0.2, =0.0.10, =0.0.6, =1.1.0, =1.6.8, =4.1.0, =4.0.0, =3.4.0, =3.5.4-rc.0, =2.0, =2.0, =3.0 and more Source cves: CVE-2023-51074 Source advisory: OSV:GHSA-PFH2-HFMQ-PHG5...

CVSS 5.3 · AI score 6.7 · EPSS 0.00116
Exploits 1

CNNVD
added 2023/12/27 12:00 a.m. · 3 views

Jayway JsonPath Security Vulnerability

Jayway JsonPath (json-path) is an open source Java DSL for reading Json documents. A security vulnerability exists in Jayway JsonPath version v2.8.0, which stems from a stack overflow vulnerability in the Criteria.parse method...

CVSS 5.3 · AI score 7.8 · EPSS 0.00116
Exploits 1 · References 8