The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Prototype Pollution (CWE-1321) consists of the attacker's ability to modify the base prototype of a JavaScript object (Object.prototype) by passing crafted input data to a vulnerable function. In this case, the value() function in lib/index.js does not properly validate the keys of processed JSONPath expressions, allowing injection of properties such as '__proto__', 'constructor' or 'prototype'. Infected properties are inherited by all objects in the application, affecting its operation.
An attacker can modify the behavior of a Node.js application by overwriting global properties of JavaScript objects, which can result in unauthorized data disclosure, violation of application integrity, and in certain scenarios even remote code execution (RCE) or denial of service (DoS).
Patches available from the manufacturer should be applied in accordance with the references. It is recommended to monitor the repository https://github.com/dchester/jsonpath to obtain an updated version of the library. As a temporary workaround, input data passed to the value() function should be validated and sanitized, and consideration should be given to using alternative JSONPath libraries.
Dchester Jsonpath library version 1.1.1 (lib/index.js file, value() function). Affects Node.js applications using this library.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDchester Jsonpath
APPDchester1.1.1