CVE-2024-21534 - JSONPath Plus Remote Code Execution (RCE) Vulnerability

Question

drouian-m opened this issue 5 months ago · 3 comments

Hi,

The jsonpath-plus module contains a 9.3/10 vulnerability about remote code execution.

The module vulnerability seems fixed in 10.xx versions.

Answer 1 · 2024-10-24T14:47:43.000Z

Hi,
Any update on this? This is blocking our release.
Thanks

Answer 2 · 2024-10-24T14:57:59.000Z

There is a PR in progress to patch the CVE : #379

Answer 3 · 2024-10-25T02:18:12.000Z

Resolved in v7.0.0 see #386