Filtered by vendor Dchester
Subscriptions
Filtered by product Jsonpath
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1615 | 1 Dchester | 1 Jsonpath | 2026-02-17 | 9.8 Critical |
| Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply. | ||||
| CVE-2025-61140 | 1 Dchester | 1 Jsonpath | 2026-02-09 | 9.8 Critical |
| The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. | ||||
Page 1 of 1.