Emulate AWS λ and API Gateway locally when developing your Serverless project
There is a vulnerability in the jsonpath-plus used in serverless-offline. This package is vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Could the package be updated to version 10.3.0? Ref: https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585
The issue was opened by sdecalom and has received 2 comments.
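One way to check whether a project still resolves a jsonpath-plus copy below the 10.3.0 requested above, as an added example that is not part of the issue or of the serverless-offline project. It assumes an npm lockfile (v2/v3) with a `packages` map; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list jsonpath-plus copies below 10.3.0 in a parsed package-lock.json.
const FIXED = [10, 3, 0]; // version requested in the issue

// Parse "major.minor.patch"; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const a = parseVersion(version);
  if (!a) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== floor[i]) return a[i] < floor[i];
  }
  return false; // equal to the floor
}

// lock: parsed package-lock.json. Returns [{ path, version, via }].
function findVulnerable(lock, name = 'jsonpath-plus', floor = FIXED) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(suffix)) continue;      // scoped look-alikes do not match
    if (!isBelow(meta.version, floor)) continue;
    // Package that nests this copy, or "(hoisted)" for the top-level one.
    const parent = path.slice(0, -suffix.length).replace(/\/$/, '');
    const via = parent.split('node_modules/').pop() || '(hoisted)';
    hits.push({ path, version: meta.version, via });
  }
  return hits;
}

// Constructed sample, not a real lockfile: a nested old copy next to a hoisted fixed one.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-service' },
    'node_modules/serverless-offline': { version: '0.0.0-sample' },
    'node_modules/serverless-offline/node_modules/jsonpath-plus': { version: '10.2.0' },
    'node_modules/jsonpath-plus': { version: '10.3.0' },
  },
};

console.log(findVulnerable(sampleLock));
```

A hoisted copy at the fixed version does not clear a nested older copy, which is why every `packages` entry is checked rather than only the top-level one.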