4 matches found
SUSE CVE-2024-21534
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...
GHSA-PPPG-CPFQ-H7WR JSONPath Plus Remote Code Execution (RCE) Vulnerability
Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions...
Remote Code Execution (RCE)
Overview: jsonpath-plus is a JS implementation of JSONPath with some additional operators. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usag...
Remote Code Execution (RCE)
Overview: mongo-express is a web-based MongoDB admin interface written with Node.js, Express and Bootstrap3. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe...