dchester / jsonpath

Query and manipulate JavaScript objects with JSONPath expressions. Robust JSONPath engine for Node.js.

Security Vulnerability with static-eval@2.0.2

skvijay007 opened this issue 3 years ago · comments

Vijendra Kumar S K commented 3 years ago

Issue picked up and reported in Snyk: https://snyk.io/vuln/SNYK-JS-STATICEVAL-1056765

Natalia Leitnerova commented 3 years ago

Any chance of using the POC solution here?

chunkbro commented 3 years ago

JFrog Xray scan shows Arbitrary Code execution vulnerability for static-eval@2.0.2 and jsonpath@1.1.0 is flagged.