Skip to content

upgrade jsonpath plus from 10.1.0 to 10.3.0 to avoid remote code execution Vulnerability #258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bysalkarki opened this issue Mar 17, 2025 · 1 comment · May be fixed by #262
Open

upgrade jsonpath plus from 10.1.0 to 10.3.0 to avoid remote code execution Vulnerability #258

bysalkarki opened this issue Mar 17, 2025 · 1 comment · May be fixed by #262

Comments

@bysalkarki
Copy link

bysalkarki commented Mar 17, 2025
edited
Loading

I am currently using Synk, and it has indicated a potential vulnerability for remote code execution.
https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
garrett-green added a commit to garrett-green/redis-om-node that referenced this issue May 3, 2025
@garrett-green
Update jsonpath-plus to 10.3.0 to resolve vulnerability and close red…
be6f530 
…is#258
@garrett-green garrett-green linked a pull request May 3, 2025 that will close this issue
Open
@garrett-green
Copy link
Contributor

@guyroyse I opened PR #262 to address this issue! Will you please take a look when you have a chance?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update jsonpath-plus to 10.3.0 to Resolve Vulnerability garrett-green/redis-om-node
2 participants
@garrett-green @bysalkarki