node-rules versions from 3.0.0 up to, but not including, 5.0.0 allow injection of arbitrary commands. The "rules" argument of the function "fromJSON()" can be controlled by users without any sanitization.
References
Link | Resource |
---|---|
https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832 | Patch Third Party Advisory |
https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832%2C | |
https://snyk.io/vuln/SNYK-JS-NODERULES-560426 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-04-27T21:06:35
Updated: 2020-04-27T21:06:35
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7609
NVD Information
Status: Modified
Published: 2020-04-27T22:15:12.317
Modified: 2023-11-07T03:26:07.743
Link: CVE-2020-7609
Redhat Information
No data.
CWE