Security Advisory

CVE-2025-1302

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-15 05:00:01
Last updated 2025-02-18 20:32:41
Assigner snyk
State PUBLISHED

Description

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval=safe mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).