jsonpath-plus < 10.2.0 is vulnerable to Remote Code Execution#1851
Closed
There's a vulnerability in jsonpath-plus package used in serverless-offline due to improper sanitization. According to [Snyk](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884), severity is "critical". Please can the package be bumped to v10.2.0 for versions 13 or lower for those of us who havent moved to serverless V4 yet.
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by asher-kilner and has received 0 comments.
Add a comment
Comment form would go here