CVE-2024-21534 - JSONPath Plus Remote Code Execution (RCE) Vulnerability

[drouian-m]

Hi,

The jsonpath-plus module contains a 9.3/10 vulnerability about remote code execution.

CVE details : GHSA-pppg-cpfq-h7wr

The module vulnerability seems fixed in 10.xx versions.

[PradiptoG]

Hi,
Any update on this? This is blocking our release.
Thanks

[drouian-m]

There is a PR in progress to patch the CVE : #379

[chris-pardy]

Resolved in v7.0.0 see #386