SNYK-JS-JSONPATH-13645034

SNYK-JS-JSONPATH-13645034 PUBLISHED CVSS 9.199999809265137 CRITICAL

## Overview [jsonpath](https://www.npmjs.org/package/jsonpath) is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the `static-eval` module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including `.query`, `.nodes`, `.paths`, `.value`, `.parent`, and `.apply`. ## Remediation Upgrade `jsonpath` to version 1.2.0 or higher. ## References - [GitHub Commit](https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb) - [Vulnerable Code](https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js#L243)

Risk Scores

CVSS v3.1

9.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

Affected Products

Vendor	Product	Versions
		0

Timeline

Jun 20, 2025 CVE Updated
Feb 5, 2026 CVE Published

References

Open in Interactive Console →