CVE-2024-21534: Code Injection
First published: Fri Oct 11 2024(Updated: )
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date