90
Affected versions of the package are vulnerable to Remote code execution. CVE-2024-21534 was not solved entirely in version 10.0.0, for a certain input RCE is still possible.
You're affected if you are using a version which is within vulnerability ranges.
Upgrade jsonpath-plus library to patch version.