JSONata expression can pollute the "Object" prototype
CVE-2024-27307

9.8CRITICAL

Key Information:

Vendor

Jsonata-js

Status
Jsonata
Vendor
CVE Published:
6 March 2024

What is CVE-2024-27307?

A vulnerability exists in JSONata, a JSON query and transformation language, that allows malicious expressions to exploit the transform operator. This exploitation can lead to overriding properties on the Object constructor and prototype, potentially resulting in denial of service or remote code execution in applications that evaluate JSONata expressions provided by users. Users of versions 1.4.0 through 1.8.6 and 2.0.0 through 2.0.3 should upgrade to versions 1.8.7 or 2.0.4 immediately to secure their systems against such threats. Manual patching can serve as a temporary workaround until upgrades are completed.

Affected Version(s)

jsonata >= 1.4.0, < 1.8.7 < 1.4.0, 1.8.7

jsonata >= 2.0.0, < 2.0.4 < 2.0.0, 2.0.4

References

https://github.com/jsonata-js/jsonata/security/advisories...
x_refsource_CONFIRM
https://github.com/jsonata-js/jsonata/commit/1d579dbe99c1...
x_refsource_MISC
https://github.com/jsonata-js/jsonata/commit/335d38f6278e...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.