Vulnerability Description
node-rules versions from 3.0.0 (inclusive) up to, but not including, 5.0.0 allow injection of arbitrary commands. The argument "rules" of the function "fromJSON()" can be controlled by users and is not sanitized.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node-Rules Project | Node-Rules | >= 3.0.0, < 5.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-NODERULES-560426 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2020-7609?
CVE-2020-7609 is a vulnerability with a CVSS score of 9.8 (CRITICAL). node-rules versions from 3.0.0 (inclusive) up to, but not including, 5.0.0 allow injection of arbitrary commands. The argument "rules" of the function "fromJSON()" can be controlled by users and is not sanitized.
How severe is CVE-2020-7609?
CVE-2020-7609 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7609?
Check the references section above for vendor advisories and patch information. Affected products include: Node-Rules Project Node-Rules.