json-rules-engine

High severity security flaw in JSONPath Plus allows Remote Code Execution - please update dependency

Open Ben-CA opened this issue 1 year ago • 4 comments

High severity security flaw in JSONPath Plus allows Remote Code Execution - please update dependency

Ben-CA avatar Feb 18 '25 20:02 Ben-CA

This vulnerability is preventing my team from deploying into production: https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585. As stated above, please update jsonpath-plus to 10.3.0.

ncastro-va avatar Feb 19 '25 19:02 ncastro-va

It has been resolved in this PR but is yet to be merged.

danish-khan-I avatar Feb 20 '25 02:02 danish-khan-I

I see that this has been merged and 7.3.1 is now on NPM.

Thanks to @danish-khan-I and @chris-pardy

Ben-CA avatar Feb 20 '25 15:02 Ben-CA

Thank you for the quick response!

ncastro-va avatar Feb 21 '25 23:02 ncastro-va