com.jayway.jsonpath:json-path@1.1.0 vulnerabilities

  • latest version

    2.9.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    11 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.jayway.jsonpath:json-path package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Buffer Overflow

    Affected versions of this package are vulnerable to Buffer Overflow via the deprecated Criteria.parse or Criteria.where methods. An attacker can disrupt the regular operation of the application by supplying a specially crafted input that triggers a stack overflow. Exploiting this vulnerability requires insecure configurations on the server side, for example - handling requests in a one single thread.

    How to fix Buffer Overflow?

    Upgrade com.jayway.jsonpath:json-path to version 2.9.0 or higher.

    [,2.9.0)