Published: 06/06/2022 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

jmespath.rb (aka JMESPath for Ruby) prior to 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jmespath project jmespath
fedoraproject fedora 35
fedoraproject fedora 36

Debian Bug report logs - #1014807 ruby-jmespath: CVE-2022-32511 Package: src:ruby-jmespath; Maintainer for src:ruby-jmespath is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Tue, 12 Jul 2022 10:09:01 UTC Severity: grave Tags: security ...

NVD-CWE-noinfo https://stackoverflow.com/a/30050571/580231 https://github.com/jmespath/jmespath.rb/pull/55 https://github.com/jmespath/jmespath.rb/compare/v1.6.0...v1.6.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGZ2YWONVFFOPACHAT4MM7ZBT4DNHOF5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/376NUPIPTYBWWGS33GO4UOLQRI4D3BTP/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014807 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-32511

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect