[GHSA-x5r6-x823-9848] Arbitrary Code Execution in json-ptr #1811

tdunlap607 · 2023-03-22T15:43:44Z

Updates

Affected products
Description
References

Comments
The affected version is incorrect. It should be <2.1.0

When reviewing the pull (418sec/json-ptr#3), the comment "Fixed in v2.1.0 and above." denotes when the fix occurred.

Additionally, the apply for the fix: "I went ahead applied the fix for flitbit#30 (Eli's alternative), which also fixes flitbit#28, supplied the missing tests, and I put it in a branch in the underlying repo, which was slightly ahead of your fork (I had already updated dependencies to address other security warnings)."

This confirms the following patch link: flitbit/json-ptr@2539e34, which is present here: flitbit/json-ptr@v2.0.0...v2.1.0 between v2.0.0 and v2.1.0.

advisory-database · 2023-03-22T20:51:29Z

Hi @tdunlap607! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-x5r6-x823-9848

dbb2dbb

github-actions bot changed the base branch from main to tdunlap607/advisory-improvement-1811 March 22, 2023 15:44

advisory-database bot merged commit 1cc38d7 into tdunlap607/advisory-improvement-1811 Mar 22, 2023

advisory-database bot deleted the tdunlap607-GHSA-x5r6-x823-9848 branch March 22, 2023 20:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-x5r6-x823-9848] Arbitrary Code Execution in json-ptr #1811

[GHSA-x5r6-x823-9848] Arbitrary Code Execution in json-ptr #1811

tdunlap607 commented Mar 22, 2023

advisory-database bot commented Mar 22, 2023

[GHSA-x5r6-x823-9848] Arbitrary Code Execution in json-ptr #1811

[GHSA-x5r6-x823-9848] Arbitrary Code Execution in json-ptr #1811

Conversation

tdunlap607 commented Mar 22, 2023

advisory-database bot commented Mar 22, 2023