CRITICAL
Dchester
CVE published 2026-01-28
CVE-2025-61140
CVE-2025-61140 is a critical vulnerability in the jsonpath library, version 1.1.1. The vulnerability is caused by a Prototype Pollution issue in the value function in lib/index.js. This vulnerability has been assigned a CVSS score of 9.8, indicating a high severity. The CVE was published on January 28, 2026, and last modified on June 30, 2026. The vulnerability affects the jsonpath product from Dchester. [truncated]