jsonpath-plus

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting jsonpath-pluspage 1 of 1

CVE-2024-21534CRITICALCVSS 9.8EG 9.8✓ Fixed in 10.2.0
2024-10-11
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note…
CVE-2025-1302CRITICALCVSS 9.8EG 9.8✓ Fixed in 10.3.0
2025-02-15
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='saf…

Check whether jsonpath-plus is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jsonpath-plus CVEs against the assets you own.

Start Free Scan →