Security Fix: Address Critical CVE in cyberchef-node by Upgrading jsonpath-plus to v10.0.0 or Higher

Open mayyagoldman opened this issue 1 year ago • 0 comments

Issue Description:

cyberchef-node is currently using jsonpath-plus version ^7.2.0, which has a known vulnerability identified as CVE-2024-21534. This vulnerability poses security risks, and it is recommended to upgrade to at least version 10.0.0 where the issue has been addressed.

Proposed Solution:

Update the jsonpath-plus dependency in package.json to ^10.0.0 or later.

Steps to Reproduce:

1. Inspect package.json to find jsonpath-plus at version ^7.2.0.
2. Run security scans to confirm the vulnerability (CVE-2024-21534).

References:

- CVE-2024-21534
- jsonpath-plus v10.0.0 release notes

Expected Outcome: After upgrading, the project should no longer be vulnerable to CVE-2024-21534, and all functionalities depending on jsonpath-plus should remain intact.

mayyagoldman, Oct 20 '24 08:10
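The check described under "Steps to Reproduce", as an added example that is not part of the original issue or the CyberChef code base: it flags a declared jsonpath-plus range and every installed copy in an npm lockfile that falls below the 10.0.0 version named in the issue. The function names and the sample manifest and lockfile are constructed for illustration.

```javascript
// Added example, not CyberChef project code. Names below are illustrative.
const PKG = "jsonpath-plus";
const FIXED = [10, 0, 0]; // fixed version named in the issue

// True when a version string is lower than FIXED. Prereleases of FIXED
// (e.g. 10.0.0-rc.1) sort below it; unparseable input is flagged, not trusted.
function isBelowFixed(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version).trim());
  if (!m) return true;
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Heuristic for package.json: flag a range if it contains no version literal
// or if any version literal in it is below FIXED.
function rangeAllowsVulnerable(range) {
  const literals = String(range).match(/\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?/g) || [];
  return literals.length === 0 || literals.some(isBelowFixed);
}

// Walk an npm lockfile (lockfileVersion 2 or 3 "packages" map) and return every
// installed copy of PKG below FIXED, including copies nested under other packages.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`);
    if (isPkg && isBelowFixed(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample data (not the real cyberchef-node manifest or lockfile).
const samplePkg = { dependencies: { "jsonpath-plus": "^7.2.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app" },
    "node_modules/jsonpath-plus": { version: "7.2.0" },
    "node_modules/example-dep/node_modules/jsonpath-plus": { version: "10.1.0" },
    "node_modules/not-jsonpath-plus": { version: "1.0.0" },
  },
};

console.log("declared range flagged:", rangeAllowsVulnerable(samplePkg.dependencies[PKG]));
console.log("installed copies below 10.0.0:", findVulnerable(sampleLock));
```

To run it against a real project, pass the parsed contents of package-lock.json to `findVulnerable`; a nested copy pulled in by another dependency can remain below 10.0.0 even after the top-level range is raised.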