JSONPath Plus Remote Code Execution (RCE) Vulnerability #156

Closed
MWein opened this issue Oct 23, 2024 · 5 comments · Fixed by #157
Comments

@MWein
MWein commented Oct 23, 2024

Is your feature request related to a problem? Please describe.

The fix for JSONPath was merged sometime last week but has not yet been published. This is a critical security alert.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

@cjcjameson
+1 -- looking to keep using asl-validator but also address the CVE https://security.aikido.dev/cve/AIKIDO-2024-10347 in jsonpath-plus

@cjcjameson
#155 is merged

@MWein
Author

MWein commented Oct 28, 2024

@ChristopheBougere can you get this deployed soon? As a critical, this is holding up our deployment process.

@ChristopheBougere
Owner

@MWein @cjcjameson sorry about that, this is finally deployed in 3.8.4

@cjcjameson
@ChristopheBougere no worries, thanks so much!
