CVE advisory: CRITICAL
CVE-2022-32511
jmespath.rb Improper JSON Parsing Vulnerability.
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A critical vulnerability exists in the jmespath.rb library, a Ruby implementation for processing JSON data. The flaw stems from the use of a less secure JSON parsing method, which could allow an attacker to execute arbitrary Ruby code if they can control the JSON input processed by an application using a vulnerable ver
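
An added example, not taken from this advisory or from the jmespath.rb code base: the public CVE record for CVE-2022-32511 describes the flaw as use of `JSON.load` where `JSON.parse` is preferable. The Ruby sketch below parses untrusted input with object "additions" disabled and flags risky call sites in source text; the helper names and sample data are constructed for illustration.

```ruby
require "json"

# Call sites that can turn JSON into arbitrary Ruby objects: JSON.load and its
# alias JSON.restore (which historically enabled create_additions by default),
# JSON.unsafe_load, or any parse that opts in to create_additions explicitly.
UNSAFE_JSON_CALLS = /\bJSON\.(load|restore|unsafe_load)\b|create_additions:\s*true/

# Parse untrusted JSON into plain Hash/Array/String/Numeric/true/false/nil only.
# With additions disabled, a "json_class" key is ordinary data, not a class name.
def safe_parse(untrusted)
  JSON.parse(untrusted, create_additions: false)
end

# Return [line_number, stripped_line] pairs for Ruby source lines that use a
# risky JSON call. Comment-only lines are skipped.
def find_unsafe_json_calls(source)
  source.each_line.with_index(1)
        .select { |line, _| line.match?(UNSAFE_JSON_CALLS) && !line.lstrip.start_with?("#") }
        .map { |line, number| [number, line.strip] }
end

# Constructed input: a document carrying the "json_class" marker key.
SAMPLE_JSON = '{"json_class":"Range","a":[1,5,false]}'

# Constructed source snippet for the audit helper (hypothetical variable names).
SAMPLE_SOURCE = <<~'RUBY'
  data = JSON.load(request_body)
  # JSON.load(old_code)
  cfg  = JSON.parse(text)
  obj  = JSON.parse(text, create_additions: true)
RUBY

if __FILE__ == $0
  parsed = safe_parse(SAMPLE_JSON)
  puts "parsed as #{parsed.class}: #{parsed.inspect}"
  find_unsafe_json_calls(SAMPLE_SOURCE).each do |number, line|
    puts "line #{number}: review #{line}"
  end
end
```

A regex audit like this is a first-pass review aid; it does not follow aliases or dynamically built calls.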