Remote Code Execution (RCE)

🗓️ 10 Sep 2024 14:03:11Reported by Snyk Security DatabaseType

JSONPath jsonpath-plus vulnerable to remote code execution via unsafe vm usage; upgrade to 10.2.0.

Reporter	Title	Published	Views	Family All 46
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities	15 Apr 202503:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024	26 Nov 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to jsonpath-plus (CVE-2024-21534) and cookie (CVE-2024-47764)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	19 Dec 202416:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution [CVE-2024-21534]	12 Feb 202512:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities	28 Jun 202501:19	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution	15 Nov 202409:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Jsonpath-plus affects IBM watsonx Assistant for IBM Cloud Pak for Data	10 Feb 202516:54	–	ibm

Vulners

Node

Source	Link
cwe	www.cwe.mitre.org/data/definitions/CWE-94.html
security	www.security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884

10 Sep 2024 14:03Current

8High risk

Vulners AI Score8

CVSS 49.3

CVSS 3.19.8

EPSS0.92707

SSVC