Arbitrary Code Execution
Overview node-rules is a light weight forward chaining Rule Engine, written in JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is located in line 152,153. The argument rules of function fromJSON can be controlled by users without any...