High severity security flaw in JSONPath Plus allows Remote Code Execution - please update dependency #413

Open
@Ben-CA


ncastro-va commented on Feb 19, 2025

This vulnerability is preventing my team from deploying into production: https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585. As stated above, please update jsonpath-plus to 10.3.0.

danish-khan-I (Contributor) commented on Feb 20, 2025

It has been resolved in this PR but has yet to be merged.

Ben-CA (Contributor, Author) commented on Feb 20, 2025

I see that this has been merged and 7.3.1 is now on NPM.

Thanks to @danish-khan-I and @chris-pardy

ncastro-va commented on Feb 21, 2025

Thank you for the quick response!
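
For anyone verifying the upgrade discussed in this thread, the following added example (not part of the issue and not code from json-rules-engine) scans the `packages` map of a package-lock.json for any installed copy of jsonpath-plus below 10.3.0, the version requested above, including copies nested under another dependency. It assumes lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for
// installed copies of a package that are older than a minimum version.

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// True when `version` is strictly below `minimum`.
function isOlder(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every install path of `name` whose version is below `minimum`.
// Nested copies (node_modules/x/node_modules/name) are checked as well,
// because a hoisted, patched copy does not replace a nested, older one.
function findOutdated(lock, name, minimum) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isMatch = path === suffix || path.endsWith("/" + suffix);
    if (isMatch && isOlder(meta.version, minimum)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile; the versions are illustrative, not a real resolution.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/json-rules-engine": { version: "7.3.0" },
    "node_modules/json-rules-engine/node_modules/jsonpath-plus": { version: "10.2.0" },
    "node_modules/jsonpath-plus": { version: "10.3.0" },
  },
};

const MIN_JSONPATH_PLUS = "10.3.0"; // version requested in the thread
for (const hit of findOutdated(sampleLock, "jsonpath-plus", MIN_JSONPATH_PLUS)) {
  console.log(`${hit.path} is at ${hit.version}, below ${MIN_JSONPATH_PLUS}`);
}
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as the first argument and fail the build when the returned list is non-empty.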

Issue #413 · CacheControl/json-rules-engine