JMESPath for Ruby using JSON.load instead of JSON.parse
Published: June 07, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-32511 (NVD)
- GHSA: GHSA-5c5f-7vfq-3732
- Vendor Advisory: https://github.com/jmespath/jmespath.rb/pull/55
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
>= 1.6.1
DESCRIPTION
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.