Count: 2
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.
GHSA-rc77-xxq6-4mff
Command Injection in hot-formula-parser
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-6836 grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server. | CVSS3: 9.8 | 1% Low | about 6 years ago |
| GHSA-rc77-xxq6-4mff Command Injection in hot-formula-parser | CVSS3: 9.8 | 1% Low | almost 6 years ago |