PT-2024-2194 · Jsonata · Jsonata

Albertspedersen · Published 2024-02-28 · Updated 2025-12-04 · CVE-2024-27307

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: JSONata versions 1.4.0 through 1.8.6; JSONata versions 2.0.0 through 2.0.3

Description: A malicious expression can use the transform operator to override properties on the Object constructor and prototype, potentially leading to denial of service, remote code execution, or other unexpected behavior in applications that evaluate user-provided JSONata expressions.

Recommendations: For JSONata versions 1.4.0 through 1.8.6, update to version 1.8.7 or later to prevent exploitation. For JSONata versions 2.0.0 through 2.0.3, update to version 2.0.4 or later to prevent exploitation. As a temporary workaround, consider applying the manual patch provided to prevent exploitation.
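The description above names the two objects an expression can tamper with: Object.prototype and the Object constructor. The following is an added example, not code from this advisory or from the JSONata project, of a defender-side guard an application can wrap around evaluation of untrusted expressions while the upgrade is rolled out: it snapshots both targets, runs the evaluator, reports any property that was added, overridden or removed, and restores the original descriptors so one bad expression cannot poison later requests in the same process. The `evaluate` callback is a stand-in; with the real library it would be something like `() => jsonata(expr).evaluate(input)` (assumed usage), and the names `snapshot`, `diffAndRestore` and `evaluateGuarded` are this example's own.

```javascript
// Added example, not code from the PT advisory or the JSONata project.
// Guard for the bug class described above: detect and roll back changes to
// Object.prototype and the Object constructor made during untrusted evaluation.

// Record every own property of `obj` (string and symbol keys) with its full descriptor.
function snapshot(obj) {
  const map = new Map();
  for (const key of Reflect.ownKeys(obj)) {
    map.set(key, Object.getOwnPropertyDescriptor(obj, key));
  }
  return map;
}

// Two descriptors are "the same" when value, accessors and attributes all match.
function sameDescriptor(a, b) {
  return a.value === b.value && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable &&
    a.configurable === b.configurable;
}

// Compare `target` against its earlier snapshot, undo each change, and report it.
// `restored` is false only when a change could not be undone (for example a
// property the evaluator redefined as non-configurable).
function diffAndRestore(name, target, before) {
  const changes = [];
  const after = snapshot(target);
  const tryRestore = (fn) => { try { fn(); return true; } catch (_) { return false; } };

  for (const [key, desc] of after) {
    const old = before.get(key);
    if (old === undefined) {
      changes.push({ target: name, key: String(key), kind: 'added',
        restored: tryRestore(() => { if (!delete target[key]) throw new Error('not configurable'); }) });
    } else if (!sameDescriptor(old, desc)) {
      changes.push({ target: name, key: String(key), kind: 'modified',
        restored: tryRestore(() => Object.defineProperty(target, key, old)) });
    }
  }
  for (const [key, old] of before) {
    if (!after.has(key)) {
      changes.push({ target: name, key: String(key), kind: 'deleted',
        restored: tryRestore(() => Object.defineProperty(target, key, old)) });
    }
  }
  return changes;
}

// Run `evaluate` (a zero-argument callback, e.g. the assumed
// () => jsonata(expr).evaluate(input)) under the guard.
// Returns { result, error, polluted }: `error` is any exception the evaluator
// threw, and `polluted` lists the changes observed on the two targets the
// advisory names. Targets are checked even when the evaluator throws.
function evaluateGuarded(evaluate) {
  const targets = [
    ['Object.prototype', Object.prototype],
    ['Object', Object],
  ];
  const before = targets.map(([, t]) => snapshot(t));
  let result;
  let error = null;
  try {
    result = evaluate();
  } catch (e) {
    error = e;
  }
  const polluted = targets.flatMap(([name, t], i) => diffAndRestore(name, t, before[i]));
  return { result, error, polluted };
}
```

A non-empty `polluted` list is the signal to log and to reject the expression (and its author) rather than to serve the result: the rollback limits blast radius within the process, but it does not make the expression safe, and properties redefined as non-configurable cannot be removed at all (`restored: false`), which is why upgrading to the fixed versions remains the actual remedy.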

Exploit · Fix · DoS · RCE · Prototype Pollution

Weakness Enumeration

Related Identifiers: BDU:2024-02116, CVE-2024-27307, GHSA-FQG8-VFV7-8FJ8

Affected Products: Jsonata