AIKIDO-2024-10347
jsonpath-plus is vulnerable to Remote code execution
90
Critical
jsonpath-plus js
AIKIDO-2024-10347: jsonpath-plus is vulnerable to Remote code execution in versions 0.1.0 - 10.0.6.
Remote code execution
Vuln in 0.1.0 - 10.0.6
Fixed in 10.0.7
No CVE available
TL;DR
Affected versions of the package are vulnerable to Remote code execution. CVE-2024-21534 was not solved entirely in version 10.0.0, to 10.0.6, for a certain input RCE is still possible.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade jsonpath-plus library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US