HIGH
jsonpath
CVE published 2026-02-09
CVE-2026-1615
CVE-2026-1615 is a high-severity vulnerability in the jsonpath package, affecting versions before 1.3.0. The vulnerability allows for arbitrary code injection via unsafe evaluation of user-supplied JSON Path expressions. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node [truncated]