JSONPath-Plus is a widely used [0] JavaScript package to query JSON objects with the JSONPath query language.
Recent versions allow trivial RCE. [1]
[0] 800+ direct dependants https://www.npmjs.com/package/jsonpath-plus?activeTab=depend... [1] https://github.com/JSONPath-Plus/JSONPath/issues/226
JSONPath-Plus is a widely used [0] JavaScript package to query JSON objects with the JSONPath query language.
Recent versions allow trivial RCE. [1]
[0] 800+ direct dependants https://www.npmjs.com/package/jsonpath-plus?activeTab=depend... [1] https://github.com/JSONPath-Plus/JSONPath/issues/226