Vulnerability Details CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832%2C
- https://snyk.io/vuln/SNYK-JS-NODERULES-560426
- https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832
- https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832%2C
- https://snyk.io/vuln/SNYK-JS-NODERULES-560426
Products affected by CVE-2020-7609
-
cpe:2.3:a:node-rules_project:node-rules:3.0.0
-
cpe:2.3:a:node-rules_project:node-rules:4.0.2