GHSA-f78f-353m-cf4j

Опубликовано: 10 дек. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Code Injection in node-rules

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-7609
https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832
https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832,
https://snyk.io/vuln/SNYK-JS-NODERULES-560426

Пакеты

Наименование

node-rules

npm

Затронутые версииВерсия исправления

>= 3.0.0, < 5.0.0

5.0.0

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-7609

Дефекты

CWE-94

Связанные уязвимости

CVE-2020-7609

CVSS3: 9.8

nvd

почти 6 лет назад

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-7609

Дефекты

CWE-94