GHSA-5c5f-7vfq-3732: JMESPath for Ruby using JSON.load instead of JSON.parse

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.


Moderate severity • GitHub Reviewed • Published Jun 7, 2022 • Updated Jun 7, 2022
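
An added example, not part of the advisory or of jmespath.rb: Ruby's `JSON.load` is documented as meant for trusted input, so a practical follow-up is to locate `JSON.load` calls in your own code and decode untrusted text through `JSON.parse` with explicit options. The helper names, the sample source and the `ExampleWidget` document are constructed for illustration.

```ruby
require 'json'

# JSON.restore is an alias of JSON.load, so both are flagged for review.
# The trailing \b keeps JSON.load_file and JSON.parse from matching.
LOAD_CALL = /\bJSON\s*\.\s*(?:load|restore)\b/

# Return [line_number, stripped_line] for each JSON.load-style call in Ruby
# source text. Comment stripping is crude (a '#' inside a string literal also
# cuts the line), which is acceptable for a review aid.
def find_json_load_calls(source)
  hits = []
  source.each_line.with_index(1) do |line, lineno|
    code = line.sub(/#.*/, '')
    hits << [lineno, line.strip] if code.match?(LOAD_CALL)
  end
  hits
end

# Decode untrusted text with JSON.parse and explicit options, so the result
# does not depend on library or process-wide defaults.
def parse_untrusted_json(text)
  raise ArgumentError, 'expected a JSON String' unless text.is_a?(String)
  JSON.parse(text, create_additions: false, max_nesting: 100, allow_nan: false)
end

# Constructed sample source, not taken from jmespath.rb.
SAMPLE_SOURCE = <<~'RUBY'
  data = JSON.load(request_body)      # flagged
  conf = JSON.parse(File.read(path))  # fine
  # JSON.load(old) in a comment is ignored
  obj  = JSON.restore(cached)         # flagged
RUBY

# Constructed document; "ExampleWidget" is a hypothetical class name.
SAMPLE_DOC = '{"json_class":"ExampleWidget","id":1}'

if __FILE__ == $PROGRAM_NAME
  find_json_load_calls(SAMPLE_SOURCE).each { |n, l| puts "line #{n}: #{l}" }
  p parse_untrusted_json(SAMPLE_DOC) # "json_class" stays an ordinary key
end
```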

Related news

CVE-2022-32511: What's the difference between JSON.load and JSON.parse methods of Ruby lib?
