GCVE - cpe:2.3:a:n/a:org.webjars.npm:jsonpath-plus:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:org.webjars.npm:jsonpath-plus:*:*:*:*:*:*:*:*

part: a version: jsonpath-plus update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Org.Webjars.Npm (`1bfc0018-a693-5863-8d2a-88aebae96d1d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21534`	vulnerable	2026-06-08 06:27:35.504291	Details available CRITICAL (9.8) All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226). Published: 2024-10-11T05:00:01.824Z Updated: 2024-11-18T10:37:45.634Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019 https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0 https://github.com/JSONPath-Plus/JSONPath/issues/226	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.