JSONPath Plus Remote Code Execution (RCE) Vulnerability

github.com

2 points by niel a year ago · 3 comments

nielOP a year ago

JSONPath-Plus is a widely used [0] JavaScript package to query JSON objects with the JSONPath query language.

Recent versions allow trivial RCE. [1]

[0] 800+ direct dependants https://www.npmjs.com/package/jsonpath-plus?activeTab=depend...

[1] https://github.com/JSONPath-Plus/JSONPath/issues/226
