
CVE-2024-21534 PoC — JSONPath Plus Security Vulnerability

Associated Vulnerability
Title: JSONPath Plus Security Vulnerability (CVE-2024-21534)
Description: All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).
Description
The jsonpath-plus package (versions <= 10.0.7) contains a critical remote code execution (RCE) vulnerability that lets an attacker run arbitrary code through Node.js's VM module. The flaw stems from insufficient input validation; affected versions are 10.0.7 and below, and the CVSS score is 9.8 (critical). The vulnerability was first disclosed on 11 October 2024.
Readme
# Vulnerability information: CVE-2024-21534

The `jsonpath-plus` package (versions <= 10.0.7) contains a critical remote code execution (RCE) vulnerability that lets an attacker run arbitrary code through Node.js's VM module. The flaw stems from insufficient input validation; affected versions are 10.0.7 and below, and the **CVSS score is 9.8 (critical)**. The vulnerability was first disclosed on 11 October 2024.

### Vulnerability details

Although a fix was attempted in version 10.0.0, particular attack techniques can still exploit the vulnerability (see [Issue #226](https://github.com/JSONPath-Plus/JSONPath/issues/226)).
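As an added defensive example (not code from this PoC repository or from jsonpath-plus itself): a service that accepts JSONPath strings from untrusted input can refuse, before the library ever sees them, the filter `[?(...)]` and script `[(...)]` expressions that are the only JSONPath constructs jsonpath-plus hands to its expression evaluator. The `eval: false` option name is assumed from the jsonpath-plus 10.x documentation and should be checked against the version actually in use.

```javascript
// Allowlist for JSONPath strings coming from untrusted input (request bodies,
// query strings). Accepted: root, dot/child names, recursive descent, wildcards,
// numeric indexes and quoted bracket names. Filter expressions `[?(...)]` and
// script expressions `[(...)]` are the constructs jsonpath-plus evaluates as
// code, so they are rejected; anything else the grammar does not cover
// (slices, unions) is rejected too. Deny by default.
const IDENT = "[A-Za-z_$][\\w$]*";
const SAFE_JSONPATH = new RegExp(
  "^\\$(?:" +
    "\\.\\.?(?:" + IDENT + "|\\*)" +          // .name  ..name  .*  ..*
    "|\\[\\d+\\]" +                           // [0]
    "|\\[\\*\\]" +                            // [*]
    "|\\[(?:'[^'\\\\]*'|\"[^\"\\\\]*\")\\]" + // ['name']  ["name"]
  ")*$"
);

function isSafeJsonPath(path) {
  if (typeof path !== "string" || path.length === 0 || path.length > 512) {
    return false;
  }
  return SAFE_JSONPATH.test(path);
}

// Second layer at the call site: tell the library never to evaluate expressions.
// ASSUMPTION: `eval: false` is the 10.x option name; verify it for your version
// (older releases documented `preventEval: true` for the same purpose).
const HARDENED_JSONPATH_OPTIONS = Object.freeze({ eval: false });

// Screen a batch of paths; the refused ones are what you log and alert on.
function screenJsonPaths(paths) {
  return paths.map((p) => ({ path: p, allowed: isSafeJsonPath(p) }));
}

// Constructed samples: three ordinary lookups, then two that carry the kind of
// expression the CVE-2024-21534 payloads rely on (shapes only, no payload).
const SAMPLES = [
  "$.store.book[0].title",
  "$..author",
  "$['store']['book'][*].price",
  "$.store.book[?(@.price < 10)]",
  "$..book[(@.length-1)]",
];

if (typeof require !== "undefined" && require.main === module) {
  console.table(screenJsonPaths(SAMPLES));
}
```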

---

## How to reproduce

### Preparation

1. Install Docker.
2. Clone this proof-of-concept repository:

   ```bash
   git clone https://github.com/your-username/CVE-2024-XXXX-PoC.git
   cd CVE-2024-XXXX-PoC
   ```

### Note

Special thanks to Andrea Angelo Raineri for discovering and reporting this vulnerability and for helping to verify the relevant attack techniques.
File Snapshot

```
[4.0K] /data/pocs/770568fefbe7471a4c30bba1351c8f96602cb09c
├── [4.0K] curling-app
│   ├── [ 318] Dockerfile
│   └── [2.4K] execute_curls.sh
├── [ 776] deployment.yml
├── [4.0K] jsonizer-app
│   ├── [  85] docker-compose.yml
│   ├── [ 814] Dockerfile
│   ├── [2.5K] index.js
│   └── [ 342] package.json
├── [1.0K] LICENSE
└── [ 876] README.md

2 directories, 9 files
```