REDHAT-BUG-2317968: Low severity jsonpath-plus jsonpath-plus vulnerability

Q: What is the severity of REDHAT-BUG-2317968?

The severity of REDHAT-BUG-2317968 is classified as critical due to the potential for Remote Code Execution.

Q: How do I fix REDHAT-BUG-2317968?

To fix REDHAT-BUG-2317968, update the jsonpath-plus package to version 10.0.0 or higher.

Q: What systems are affected by REDHAT-BUG-2317968?

Systems using versions of jsonpath-plus prior to 10.0.0 are affected by REDHAT-BUG-2317968.

Q: What type of vulnerability is REDHAT-BUG-2317968?

REDHAT-BUG-2317968 is a Remote Code Execution (RCE) vulnerability.

Q: Can an attacker exploit REDHAT-BUG-2317968 remotely?

Yes, an attacker can exploit REDHAT-BUG-2317968 remotely due to improper input sanitization.

Published Oct 11, 2024

Updated

Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.

Note:

The unsafe behavior is still available after applying the fix but it is not turned on by default.

Affected Software

1 affected component

jsonpath-plus jsonpath-plus<10.0.0

Event History

Oct 11, 2024

Data Sourced

via Red Hat·06:01 AM

DescriptionSeverityAffected Software

Frequently Asked Questions

What is the severity of REDHAT-BUG-2317968?

The severity of REDHAT-BUG-2317968 is classified as critical due to the potential for Remote Code Execution.

How do I fix REDHAT-BUG-2317968?

To fix REDHAT-BUG-2317968, update the jsonpath-plus package to version 10.0.0 or higher.

What systems are affected by REDHAT-BUG-2317968?

Systems using versions of jsonpath-plus prior to 10.0.0 are affected by REDHAT-BUG-2317968.

What type of vulnerability is REDHAT-BUG-2317968?

REDHAT-BUG-2317968 is a Remote Code Execution (RCE) vulnerability.

Can an attacker exploit REDHAT-BUG-2317968 remotely?