Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

A pink background with concentric circles features a white bug icon in a circle and text below reading Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534). The word upwind appears in the top right corner.

A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]