Jsonpath-plus vulnerability | ActiveReportsJS | Developer | MESCIUS Forums

Products
Support & Learning
Blogs
Pricing
Search
Cart
Sign In

.NET UI
.NET controls for desktop, web, and native mobile
ComponentOne
WinForms
WPF
WinUI
UWP
Xamarin
MAUI
ASP.NET MVC
ASP.NET Core
Blazor
ActiveX
WebAPI
Service Components
ASP.NET Web Forms

JAVASCRIPT
HTML5/JavaScript controls with support for Angular, React, and Vue
Wijmo
SpreadJS
ActiveReportsJS
DataViewsJS

DOCUMENT SOLUTIONS
Take total control of your documents with high-speed, intuitive document APIs
Excel, .NET Edition
Excel, Java Edition
PDF
Word
Imaging
Document Viewers

REPORTING
Full reporting solutions with extensive data visualization, viewers, and designers
ActiveReports .NET
ActiveReportsJS

SPREADSHEETS
Powerful spreadsheets for .NET, JavaScript, and COM
Spread.NET
SpreadJS
Spread COM
DataViewsJS

Our Latest Release

Check out the newest updates and features in ActiveReportsJS v5.2
Learn More »

SUPPORT
Have a question or issue? Find out how we can help.
Forums
Licensing
Support Plans
Submit A Ticket

LEARNING
Read, watch, and learn about our products, team, and the latest trends.
Samples
Blogs
Videos
Knowledge Base
Webinars
Demos
Documentation
White Papers
Case Studies

LATEST RELEASE INFO
Find out what's new in the latest versions of our products.
ActiveReports .NET
ActiveReportsJS
ComponentOne
DsExcel .NET
DsExcel Java
DsImaging
DsPdf
DsWord
Spread.NET
SpreadJS
Wijmo

Our Latest Release

Check out the newest updates and features in ActiveReportsJS v5.2
Learn More »

Jsonpath-plus vulnerability

Posted by: thierry.kith on 14 October 2024, 11:14 pm EST

Please login to follow topic

thierry.kith
- Post Options:
- Link
  Copy
Posted 14 October 2024, 11:14 pm EST - Updated 14 October 2024, 11:19 pm EST

Hello,

It seems that the jsonpath-plus dependency has a vulnerability.

Are you planning to update the version (10.0.0 seems to be the one fixing the vulnerability)?

Best regards.

768×244 8.69 KB
apowers
- Post Options:
- Link
  Copy
Posted 12 November 2024, 4:39 pm EST

Any updates?
katyayny.raghuvanshi
- Post Options:
- Link
  Copy
Posted 11 December 2024, 4:45 am EST

Hi,

We apologize for the delay in getting back to you. This case somehow got missed by our team. However, we have escalated the same to our development team and will get back to you as soon as we receive any updates from their side [Internal tracking ID: ARJ-6542].

We heartily appreciate your patience and understanding.
katyayny.raghuvanshi
- Post Options:
- Link
  Copy
Posted 17 December 2024, 5:31 am EST

Hi,

jsonpath-plus will be updated to the non-vulnerable v10.1.10 version from ARJS v5.2.0 (ETA: February 14, 2025). We appreciate your patience in the meantime.

Please login to reply to thread

Need extra support?

Upgrade your support plan and get personal unlimited phone support with our customer engagement team

Forum Channels

ComponentOne

Forums for all current editions of the ComponentOne .NET UI control product line, including ComponentOne Studio and ComponentOne Studio for Xamarin.
ActiveReports

Forums for all versions of ActiveReports and ActiveReports Server
Spread

Forums for all current versions of Spread .NET spreadsheets, SpreadJS JavaScript spreadsheets, and SpreadCOM spreadsheets.
Wijmo

Forums for all Wijmo products, including Wijmo Core, FinancialChart, FlexSheet, MultiRow, OLAP, and ReportViewer
- General Discussion
Document Solutions

Forums for all Document Solutions products, including Document Solutions for PDF, Word, Excel (.NET and Java), and Imaging.

© 2025 MESCIUS USA, Inc. All Rights Reserved. · 1.800.858.2739

All product and company names herein may be trademarks of their respective owners.