exploitDog

CVE-2025-61140

Published: 28 Jan 2026
Source: redhat
CVSS3: 8.8
EPSS: Low

Description

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

A flaw was found in jsonpath. The value function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Affected | | |
| Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Will not fix | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Will not fix | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Will not fix | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-on-clouds/aoc-azure-aap-installer-rhel9 | Affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-cuda-rhel9 | Affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/disk-image-cuda-rhel9 | Affected | | |
| Red Hat Fuse 7 | io.hawt-hawtio-online | Will not fix | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kf-notebook-controller-rhel8 | Not affected | | |

Additional information

Status: Important
Defect: CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2433946 jsonpath: jsonpath: Prototype Pollution vulnerability in the value function

EPSS

Percentile: 21%
0.00066
Low

CVSS3

8.8 High

Related vulnerabilities

CVSS3: 9.8
nvd
2 months ago

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

github
2 months ago

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

suse-cvrf
about 2 months ago

Security update for golang-github-prometheus-prometheus

suse-cvrf
13 days ago

Security update for Prometheus

suse-cvrf
12 days ago

Security update 5.0.7 for Multi-Linux Manager Client Tools
