VYPR
Critical severity 9.8 · GHSA Advisory · Published Oct 11, 2024 · Updated Apr 15, 2026

CVE-2024-21534

Description

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1.0 but it could still be exploited using different payloads.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| jsonpath-plus (npm) | < 10.2.0 | 10.2.0 |
| org.webjars.npm:jsonpath-plus (Maven) | <= 6.0.1 | |

Affected products: 31

References: 11
