CVE-2020-7609

Summary

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

Affected Software

VendorProductVersion RangeStatus
n/anode-rulesAll versions including 3.0.0 and prior to 5.0.0affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References