VDB
KO
CRITICAL 9.8

GHSA-5c5f-7vfq-3732

JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable

Details

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.

Are you affected?

Enter the version of the package you're using.

Affected packages

RubyGems / jmespath
Introduced in: 0 Fixed in: 1.6.1
Fix bundle update jmespath

References