Vulnerability for versions < 10.0.7 of JSONPath

# There is a vulnerability in the transitive dependency JSONPath

## Description

The latest possible version of JSONPath that can be installed is 7.2.0 because of the following conflicting dependencies:
- serverless-step-functions@3.21.2 requires jsonpath-plus@^7.0.0 via a transitive dependency on asl-path-validator@0.13.0
- serverless-step-functions@3.21.2 requires jsonpath-plus@^7.2.0 via a transitive dependency on asl-validator@3.8.3

The earliest fixed version of JSONPath is 10.0.7.

The vulnerability was first published in November 2024.

See [CVE-2024-21534](https://nvd.nist.gov/vuln/detail/CVE-2024-21534) for more details.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerability for versions < 10.0.7 of JSONPath #639

There is a vulnerability in the transitive dependency JSONPath

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability for versions < 10.0.7 of JSONPath #639

Description

There is a vulnerability in the transitive dependency JSONPath

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions