This repository was archived by the owner on Mar 20, 2025. It is now read-only.

[Aikido] Fix critical security issue in asl-validator via version upgrade to 3.8.4 #20

Open · wants to merge 1 commit into base: master

Conversation

aikido-autofix[bot]

This PR will resolve the following CVEs:

| CVE ID | Severity | Description |
|---|---|---|
| CVE-2024-21534 | 🚨 CRITICAL | All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions [10.0.... |
| CVE-2025-1302 | 🚨 CRITICAL | Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for ... |
| AIKIDO-2024-10345 | 🚨 CRITICAL | Affected versions of the package remain vulnerable to Remote Code Execution (RCE). CVE-2024-21534 was not fully addressed in version 10.0.0, leaving the possibility of RCE for certain inputs. |
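The table above lists a transitive dependency (jsonpath-plus pulled in through asl-validator), and a lockfile can carry several copies of such a package at different nesting depths, so a top-level `npm ls` view can miss an old nested copy. The script below is an added example, not part of this PR or of the Aikido tooling: it walks the `packages` map of a package-lock.json (lockfile v2/v3 layout) and reports every jsonpath-plus entry whose version is below 10.3.0, the first version the CVE-2025-1302 description names as fixed. The lockfile content is constructed for the demo; the function and constant names are this example's own.

```javascript
// Added example: find nested copies of a vulnerable package in a package-lock.json.
// Threshold taken from the CVE-2025-1302 text above ("before 10.3.0 are vulnerable").
const FIXED_VERSION = "10.3.0";

// Parse "MAJOR.MINOR.PATCH" into numbers. Pre-release/build suffixes are ignored,
// which is a simplification: "10.3.0-beta.1" compares equal to "10.3.0" here.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric, component-wise comparison (string comparison would rank 10.10.0 below 10.3.0).
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return every lockfile entry for pkgName, at any nesting depth, below the fixed version.
// Lockfile v2/v3 keys look like "node_modules/asl-validator/node_modules/jsonpath-plus".
function findVulnerable(lock, pkgName = "jsonpath-plus", fixed = FIXED_VERSION) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !path.endsWith(`node_modules/${pkgName}`)) continue;
    if (compareSemver(entry.version, fixed) < 0) {
      findings.push({ path, version: entry.version, fixedIn: fixed });
    }
  }
  return findings;
}

// Constructed sample lockfile: the root project has a patched copy, but asl-validator
// still carries its own nested, older copy of jsonpath-plus.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/asl-validator": { version: "3.0.0" },
    "node_modules/asl-validator/node_modules/jsonpath-plus": { version: "7.2.0" },
    "node_modules/jsonpath-plus": { version: "10.3.0" },
  },
};

console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A version check like this only tells you whether a copy older than the fix is installed; it says nothing about whether the application passes untrusted JSONPath expressions to the library, so treat a clean result as one input to the risk assessment rather than proof that the RCE surface is gone.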
