CNNVD-202602-1251 Information

CNNVD ID

CNNVD-202602-1251

CVE-2026-1615

  • CNNVD Published: 2026-02-09

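Description (translated from Chinese)

jsonpath is a JSONPath engine by individual developer David Chester. jsonpath contains a security vulnerability that stems from unsafe evaluation of user-supplied JSON Path expressions, which may lead to arbitrary code injection, causing remote code execution in Node.js environments or cross-site scripting attacks in browser environments.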

Description (English)

jsonpath is a JSONPath engine developed by individual developer David Chester. jsonpath has a security vulnerability that stems from unsafe evaluation of user-supplied JSON Path expressions, which may lead to arbitrary code injection, triggering remote code execution in Node.js environments or cross-site scripting attacks in browser environments.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219
  • https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243
  • https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034
  • https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb
  • https://access.redhat.com/security/cve/cve-2026-1615
