jsonpath-plus < 10.0.0 is vulnerable to Remote Code Execution#1825
Closed
## Feature Request According to https://nvd.nist.gov/vuln/detail/CVE-2024-21534, there's a vulnerability in `jsonpath-plus` package used in `serverless-offline` due to improper sanitization. According to [Snyk](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884), severity is "critical". Would be great if package can be bumped to v10 so fix the issue. **Expected behavior/code** `serverless-offline` has the issue fixed to let consumers to upgrade.
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by Alxblsk and has received 4 comments.
Add a comment
Comment form would go here