Description
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.
A vulnerability was found in JSONata. A malicious expression can exploit the transform operator to override properties on the Object constructor and prototype. This issue can result in denial of service, remote code execution, or other unforeseen behavior in applications that assess user-provided JSONata expressions.
Report
This issue affects the @roadiehq/scaffolder-backend-module-utils plugin shipped in Red Hat Developer Hub. However, currently, this plugin is in technology preview. For more information, see the link below. https://access.redhat.com/documentation/en-us/red_hat_developer_hub/1.0/html/release_notes_for_red_hat_developer_hub_1.0/con-relnotes-techpreview-features_release-notes-rhdh#plugins-available-in-red-hat-developer-hub
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| OpenShift Serverless | jsonata | Not affected | | |
| Red Hat Developer Hub 1.2 on RHEL 9 | rhdh/rhdh-hub-rhel9 | Fixed | RHEA-2024:4071 | 24.06.2024 |
Additional information
Status:
8.6 High
CVSS3
Related vulnerabilities
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.
JSONata expression can pollute the "Object" prototype
A vulnerability in the JSONata JSON data transformation tool, related to uncontrolled modification of object prototype attributes, that allows an attacker to execute arbitrary code or cause a denial of service
8.6 High
CVSS3