CVE-2025-61140
EUVD-2025-20648628.01.2026, 16:16
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dchester | jsonpath | 1.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
- CWE-502 - Deserialization of Untrusted DataThe application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
References