JavaScript JSONata Library Security Update Advisory

Overview

 

An update is available that addresses a vulnerability in JSONata, a JavaScript library. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

JSONata

  • versions from 1.4.0 (inclusive) to 1.8.7 (exclusive)
  • versions from 2.0.0 (inclusive) to 2.0.4 (exclusive)

 

Resolved Vulnerabilities

 

Denial of service and remote code execution vulnerability in the JSONata library (CVE-2024-27307)

 

Vulnerability Patches

 

JSONata versions 1.8.7 and 2.0.4
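To check a project against the affected ranges and fixed versions listed above, the following added example (not code from the advisory or from the JSONata project) scans a parsed npm `package-lock.json` for every installed copy of jsonata, including copies pulled in transitively. It assumes lockfileVersion 2 or 3; the sample lockfile and the package names in it are constructed.

```javascript
// Affected ranges and fixed versions, taken from the advisory above.
const AFFECTED = [
  { from: "1.4.0", fixed: "1.8.7" }, // 1.4.0 <= v < 1.8.7
  { from: "2.0.0", fixed: "2.0.4" }, // 2.0.0 <= v < 2.0.4
];

// Returns [major, minor, patch, isRelease]; a pre-release (e.g. 2.0.4-beta.1)
// sorts before its release, so it is not treated as containing the fix.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ? 0 : 1] : null;
}

function compare(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = affected, false = not affected, null = version string needs manual review.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return AFFECTED.some(
    (r) => compare(v, parseVersion(r.from)) >= 0 && compare(v, parseVersion(r.fixed)) < 0
  );
}

// Lists every installed copy of jsonata in a parsed package-lock.json
// (lockfileVersion 2 or 3), including copies nested under other packages.
function findJsonata(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => /(^|\/)node_modules\/jsonata$/.test(path))
    .map(([path, meta]) => ({ path, version: meta.version, affected: isAffected(meta.version) }));
}

// Constructed sample lockfile (package names other than jsonata are hypothetical).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/jsonata": { version: "2.0.4" },
    "node_modules/flow-engine/node_modules/jsonata": { version: "1.8.6" },
    "node_modules/legacy-tool/node_modules/jsonata": { version: "1.3.3" },
  },
};

for (const h of findJsonata(sampleLock))
  console.log(h.path, h.version, h.affected === false ? "ok" : h.affected ? "AFFECTED" : "REVIEW");
```

For a real project, pass `JSON.parse` of the lockfile contents to `findJsonata`; a `null` result marks an entry whose version string could not be parsed and should be checked by hand.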

 

Referenced Sites

 

[1] JSONata expression can pollute the “Object” prototype

https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8

[2] 1.8.7 Maintenance Release

https://github.com/jsonata-js/jsonata/releases/tag/v1.8.7

[3] 2.0.4 Maintenance Release

https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4