Jmespath
1 CVEs
product
Monthly
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Jmespath
Fedora
NVD
GitHub
VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32511
Ruby
EPSS 2%
CVSS 9.8
CRITICAL
PATCH
Act Now
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Jmespath
Fedora
NVD
GitHub
VulDB