Lucene search

Command Injection in hot-formula-parser

🗓️ 06 May 2020 19:33:32Reported by GitHub Advisory DatabaseType

Vulnerability in hot-formula-parser prior to 3.0.1 allows command injection through user input, leading to potential arbitrary command execution

Reporter	Title	Published	Views	Family All 9
OSV	CVE-2020-6836	11 Jan 202001:15	–	osv
OSV	Command Injection in hot-formula-parser	6 May 202019:32	–	osv
NVD	CVE-2020-6836	11 Jan 202001:15	–	nvd
Veracode	Arbitrary Code Injection	13 Jan 202000:54	–	veracode
Node.js	Command Injection	18 Dec 201914:29	–	nodejs
Cvelist	CVE-2020-6836	11 Jan 202000:42	–	cvelist
CVE	CVE-2020-6836	11 Jan 202001:15	–	cve
Prion	Code injection	11 Jan 202001:15	–	prion
GithubExploit	Exploit for Code Injection in Hot-Formula-Parser Project Hot-Formula-Parser	1 Dec 202009:45	–	githubexploit

Vulners

Node

hot\-formula\-parser_project hot\-formula\-parserRange<3.0.1

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-6836
github	www.github.com/handsontable/formula-parser/pull/58
github	www.github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e
blog	www.blog.truesec.com/2020/01/17/reverse-shell-through-a-node-js-math-parser/
npmjs	www.npmjs.com/advisories/1439
github	www.github.com/advisories/GHSA-rc77-xxq6-4mff

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 May 2020 19:32Current

4.9Medium risk

Vulners AI Score4.9

CVSS27.5

CVSS39.8

EPSS0.00266

CWE-94