CVE-2025-61140
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
| Vendor | n/a |
| Product | n/a |
| Published | Jan 28, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new critical vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
github.com: https://github.com/dchester/jsonpath gist.github.com: https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-61140 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2433946 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61140.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2181 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3962 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3960 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6802 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2180