
CVE-2026-1615

Published: 09 Feb 2026
Source: redhat
CVSS3: 9.8
EPSS: Low

Description

Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.

A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the static-eval module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.
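As an added illustration (not code from this page, Red Hat or the jsonpath project) of two checks a consuming application can make on its own side: an allowlist that keeps untrusted expressions away from the filter and script segments the library hands to static-eval, and a lockfile scan for unfixed copies below 1.2.0. The segment grammar, the function names and the sample lockfile are assumptions constructed for this example.

```javascript
// Added example, not code from exploitDog, Red Hat or the jsonpath project.
// Defender-side checks for CVE-2026-1615 (jsonpath < 1.2.0 evaluates JSON Path
// expressions with static-eval). Assumption: that evaluation is reached via the
// filter [?(...)] and script [(...)] segments, so an allowlist of plain
// member/index/slice segments keeps untrusted input off that code path.
// Allowlisted segments: .name ..name .* ..* [n] [n:m] [n:m:s] [*] ['name'] ["name"].
// Parentheses, '?' and '@' never match, so filter and script segments are refused.
const SIMPLE_SEGMENT =
  /(?:\.\.?(?:[A-Za-z_$][\w$]*|\*)|\[(?:\*|-?\d+|-?\d*(?::-?\d*){1,2}|'[^'\\]*'|"[^"\\]*")\])/;
const SIMPLE_PATH = new RegExp('^\\$' + SIMPLE_SEGMENT.source + '*$');

function isSimpleJsonPath(expr) {
  return typeof expr === 'string' && expr.length <= 512 && SIMPLE_PATH.test(expr);
}

// Wrap the library call; queryFn is injected (e.g. require('jsonpath').query)
// so this guard has no dependency on the package it protects.
function guardedQuery(queryFn, obj, expr) {
  if (!isSimpleJsonPath(expr)) {
    throw new Error('JSON Path rejected: only plain member/index/slice segments allowed');
  }
  return queryFn(obj, expr);
}

// True when a jsonpath version string is below the fixed release 1.2.0.
function isVulnerableJsonpathVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) return true; // unparseable version: fail closed
  const parts = m.slice(1).map(Number), fixed = [1, 2, 0];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== fixed[i]) return parts[i] < fixed[i];
  }
  return false;
}

// Scan a package-lock.json "packages" map (lockfileVersion 2/3) for every
// installed copy of jsonpath, nested transitive copies included.
function findVulnerableJsonpath(lock) {
  return Object.entries(lock.packages || {})
    .filter(([p, meta]) => /(^|\/)node_modules\/jsonpath$/.test(p) && meta.version)
    .filter(([, meta]) => isVulnerableJsonpathVersion(meta.version))
    .map(([p, meta]) => ({ path: p, version: meta.version }));
}

// Constructed sample lockfile (not a real project): one unfixed top-level copy,
// one fixed nested copy.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  'node_modules/jsonpath': { version: '1.1.1' },
  'node_modules/other-dep/node_modules/jsonpath': { version: '1.2.0' } } };
```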

Statement

Red Hat Product Security team has rated this vulnerability as Important as it may allow arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces the exposure and criticality of this vulnerability.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

Platform                               | Package                                                   | State        | Recommendation | Release
Migration Toolkit for Virtualization   | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Affected     |                |
Migration Toolkit for Virtualization   | mtv-candidate/mtv-console-plugin-rhel9                    | Will not fix |                |
OpenShift Pipelines                    | openshift-pipelines/pipelines-hub-api-rhel8               | Will not fix |                |
OpenShift Pipelines                    | openshift-pipelines/pipelines-hub-db-migration-rhel8      | Will not fix |                |
OpenShift Pipelines                    | openshift-pipelines/pipelines-hub-ui-rhel8                | Affected     |                |
Red Hat Ansible Automation Platform 2  | ansible-automation-platform-24/lightspeed-rhel8           | Affected     |                |
Red Hat Ansible Automation Platform 2  | ansible-automation-platform-25/lightspeed-rhel8           | Affected     |                |
Red Hat Ansible Automation Platform 2  | ansible-automation-platform-26/lightspeed-rhel9           | Affected     |                |
Red Hat Ansible Automation Platform 2  | ansible-on-clouds/aoc-azure-aap-installer-rhel9           | Affected     |                |
Red Hat Developer Hub                  | rhdh/rhdh-hub-rhel9                                       | Affected     |                |


Additional information

Status:

Important
Weakness:
CWE-94
https://bugzilla.redhat.com/show_bug.cgi?id=2437875
jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation

EPSS

Percentile: 28%
0.00103
Low

9.8 Critical

CVSS3

Related vulnerabilities

CVSS3: 9.8
nvd
about 2 months ago

Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions.

CVSS3: 9.8
github
about 2 months ago

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

suse-cvrf
about 1 month ago

Security update for golang-github-prometheus-prometheus
