VYPR

Jsonpath

by Jsonpath Plus

npm: jsonpath

Source repositories

CVEs (2)

  • CVE-2026-1615CriFeb 9, 2026
    risk 0.57cvss 9.8epss 0.01

    Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely.…

  • CVE-2024-21534CriOct 11, 2024
    risk 0.57cvss 9.8epss 0.09

    All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix…