CVE-2020-7609

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
27/04/2020
Last modified:
07/11/2023

Description

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:node-rules_project:node-rules:*:*:*:*:*:node.js:*:* 3.0.0 (including) 5.0.0 (excluding)