CVE-2020-7609
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
27/04/2020
Last modified:
07/11/2023
Description
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:node-rules_project:node-rules:*:*:*:*:*:node.js:*:* | 3.0.0 (including) | 5.0.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page