- Description: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
- Source: report@snyk.io
- NVD status: Received

CVSS 4.0
- Type: Secondary
- Base score: 8.9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH

CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL

Weakness enumeration
- Source: report@snyk.io
- CWE-94 (Improper Control of Generation of Code, 'Code Injection')

Hype score
- Not currently trending
@pdnuclei_bot, 4 Nov 2025:
🚨 CVE-2025-1302 - critical 🚨 JSONPath Plus < 10.3.0 - Remote Code Execution > Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Exe... 👾 https://t.co/h0kx7K4T8r @pdnuclei #NucleiTemplates #cve
149 Impressions, 0 Retweets, 0 Likes, 2 Bookmarks, 0 Replies, 0 Quotes
@CveFindCom, 15 Feb 2025:
[CVE-2025-1302: CRITICAL] Package jsonpath-plus < 10.3.0 has a Remote Code Execution vulnerability allowing attackers to run code by misusing eval='safe'. Update to version 10.3.0 to fix this CVE-2024-21534. #cybersecurity, #vulnerability https://t.co/wby3Yrprvv https://t.co/uYL
44 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes