CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

JSONPath Plus 安全漏洞

JSONPath Plus is an open source library for JSONPath Plus. A security vulnerability exists in JSONPath Plus versions prior to 10.3.0, which stems from the presence of improper input sanitization and an insecure default mode that can lead to remote code execution...

PT-2025-6876 · Unknown · Jsonpath-Plus

Name of the Vulnerable Software and Affected Versions: jsonpath-plus versions prior to 10.3.0 Description: The issue is caused by improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. This is a result ...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution [CVE-2024-21534]

Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON configuration. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

Security Bulletin: Vulnerability in Jsonpath-plus affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Jsonpath-plus has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow...

CVE-2024-47180

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version server-2024-09-25 are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus CVE-2024-21534 and cookie CVE-2024-47764. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)

Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

Malicious code in @adsk-forks/jsonpath (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b3b2039104a753b08abe81f7754ff405d8e3206c92b7251c857b28e3431fdc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Remote Code Execution (RCE)

Overview org.webjars.npm:jsonpath-plus is an A JS implementation of JSONPath with some additional operators Affected versions of this package are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the...

Remote Code Execution (RCE)

Overview jsonpath-plus is an A JS implementation of JSONPath with some additional operators Affected versions of this package are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usag...

Exploit for CVE-2024-21534

POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code E...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution

Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...

Exploit for CVE-2024-21534

CVE-2024-21534: Remote Code Execution Vulnerability in jsonpa...

Remote Code Execution (RCE)

jsonpath-plus is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node...

SUSE CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

GHSA-PPPG-CPFQ-H7WR JSONPath Plus Remote Code Execution (RCE) Vulnerability

Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions...

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions...