CVE-2020-7609
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Node-rules is a light weight forward chaining rule engine that can be used in JavaScript and TypeScript based projects.
GitHub