0.004 Low
EPSS
Percentile
72.1%
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function “fromJSON()” can be controlled by users without any sanitization.
github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832
github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832,
nvd.nist.gov/vuln/detail/CVE-2020-7609
snyk.io/vuln/SNYK-JS-NODERULES-560426