Moderate severity · NVD Advisory · Published Jan 28, 2026 · Updated Jan 29, 2026
CVE-2025-61140
Description
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| jsonpath (npm) | < 1.2.0 | 1.2.0 |
Affected products
References
- github.com/advisories/GHSA-6c59-mwgh-r2x6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-61140 (ghsa, ADVISORY)
- gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d (ghsa, WEB)
- github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb (ghsa, WEB)
- github.com/dchester/jsonpath/issues/181 (ghsa, WEB)
- github.com/dchester/jsonpath/issues/194 (ghsa, WEB)
- github.com/dchester/jsonpath/pull/195 (ghsa, WEB)