# npm audit report
```text
jsonpath-plus  <10.0.0
Severity: critical
JSONPath Plus Remote Code Execution (RCE) Vulnerability - https://github.com/advisories/GHSA-pppg-cpfq-h7wr
fix available via `npm audit fix --force`
Will install @stoplight/prism-cli@4.4.3, which is a breaking change
node_modules/jsonpath-plus
  json-schema-faker  0.5.0-rc1 - 0.5.0-rcv.46 || >=0.5.2
  Depends on vulnerable versions of jsonpath-plus
  node_modules/json-schema-faker
    @stoplight/prism-cli  *
    Depends on vulnerable versions of @stoplight/prism-http
    Depends on vulnerable versions of @stoplight/prism-http-server
    Depends on vulnerable versions of json-schema-faker
    node_modules/@stoplight/prism-cli
    @stoplight/prism-http  >=3.0.0-alpha.0
    Depends on vulnerable versions of json-schema-faker
    node_modules/@stoplight/prism-http
      @stoplight/prism-http-server  *
      Depends on vulnerable versions of @stoplight/prism-http
      node_modules/@stoplight/prism-http-server

5 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```
To be precise, the vulnerability is present in the jsonpath-plus dependency, which is a dependency of the json-schema-faker library that prism depends on.

There is a vulnerability disclosed recently in a package this library depends on.

There is a PR to fix this here: https://github.com/json-schema-faker/json-schema-faker/pull/822

I am on @stoplight/prism-cli version 5.10.0.

The vulnerability is disclosed here: https://github.com/advisories/GHSA-pppg-cpfq-h7wr