← back
CVE-2022-32511

CVE-2022-32511

EPSS 2.1%
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jmespath/jmespath.rb/compare/v1.6.0...v1.6.1https://github.com/jmespath/jmespath.rb/pull/55https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/376NUPIPTYBWWGS33GO4UOLQRI4D3BTP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ2YWONVFFOPACHAT4MM7ZBT4DNHOF5/https://stackoverflow.com/a/30050571/580231