Mithun Satheesh

CVE-2020-7609 WRITEUP CRITICAL WRITEUP

node-rules 3.0.0-5.0.0 - Remote Code Execution via fromJSON() Argument Injection

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

CVSS 9.8

View Code

CVE-2020-7609 WRITEUP CRITICAL WRITEUP

node-rules 3.0.0-5.0.0 - Remote Code Execution via fromJSON() Argument Injection

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

CVSS 9.8

View Code