Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSONPath Plus Remote Code Execution (RCE) Vulnerability #153

Closed
diego-santacruz opened this issue Oct 14, 2024 · 1 comment · Fixed by #155
Closed

JSONPath Plus Remote Code Execution (RCE) Vulnerability #153

diego-santacruz opened this issue Oct 14, 2024 · 1 comment · Fixed by #155
Labels
bug

Comments

@diego-santacruz
Copy link

This package is using jsonpath-plus 7, which is affected by CVE-2024-21534, a remote code execution vulnerability. See GHSA-pppg-cpfq-h7wr

Version 10 of jsonpath-plus has a fix.
@massfords massfords mentioned this issue Oct 14, 2024
Closed
@ChristopheBougere ChristopheBougere linked a pull request Oct 15, 2024 that will close this issue
bump dependency to address vulnerability in jsonpath-plus library #155
Merged
@uhei
Copy link

uhei commented Oct 23, 2024

Thanks @ChristopheBougere for the fix. However bbd05fd didn't trigger a release (I guess due to 'chore:...' commit message)

Can you create a new release? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@uhei @diego-santacruz