GHSA-5c5f-7vfq-3732: JMESPath for Ruby using JSON.load instead of JSON.parse
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
Moderate severity • GitHub Reviewed • Published Jun 7, 2022 • Updated Jun 7, 2022
Related news
CVE-2022-32511: What's the difference between JSON.load and JSON.parse methods of Ruby lib?