
32 matches found

Snyk
added 2025/09/26 11:44 a.m. | 4 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the fromJson function. An attacker can cause a denial of service by providing a crafted argument to trigger a null pointer dereference. Remediation: A fix was pushed into the master branch but not yet...

CVSS 4.8 | AI score 6.7 | EPSS 0.00031
Exploits: 1 | References: 2

Cvelist
added 2025/09/26 11:32 a.m. | 7 views

CVE-2025-11011 BehaviorTree json_export.cpp fromJson null pointer dereference

A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been...

CVSS 4.8 | EPSS 0.00031
Exploits: 1 | References: 7

CVE
added 2025/09/26 11:32 a.m. | 10 views

CVE-2025-11011

BehaviorTree.CPP up to version 4.7.0 contains a flaw in JsonExporter::fromJson that can cause a NULL pointer dereference when the Source argument is manipulated. The vulnerability requires local access and a public exploit is available (PoC referenced). A patch is available and named 4b23dcaf0ce9...

CVSS 5.5 | AI score 6.2 | EPSS 0.00031
Exploits: 1 | References: 7 | Affected Software: 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 4 views

PT-2025-39632

Name of the Vulnerable Software and Affected Versions: BehaviorTree versions prior to 4.7.0. Description: A flaw exists in BehaviorTree due to a null pointer dereference in the JsonExporter::fromJson function located in /src/json_export.cpp. Manipulation of the Source argument triggers this issue. T...

CVSS 5.5 | AI score 4 | EPSS 0.00031
Exploits: 1 | References: 15

OSV
added 2021/12/10 8:5 p.m. | 13 views

GHSA-F78F-353M-CF4J Code Injection in node-rules

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...

CVSS 9.8 | AI score 9.6 | EPSS 0.00418
Exploits: 1 | References: 4

Github Security Blog
added 2020/09/03 3:51 p.m. | 19 views

Duplicate Advisory: Command Injection in node-rules

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f78f-353m-cf4j. This link is maintained to preserve external references. Original Description: Versions of node-rules prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules...

AI score 6
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2020/09/03 3:51 p.m. | 5 views

GHSA-8WHR-V3GM-W8H9 Duplicate Advisory: Command Injection in node-rules

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f78f-353m-cf4j. This link is maintained to preserve external references. Original Description: Versions of node-rules prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules...

CVSS 8.1 | AI score 6.1
Exploits: 0 | References: 4

CNVD
added 2020/04/28 12:0 a.m. | 6 views

Node-rules Arbitrary Code Execution Vulnerability

Node-rules is a lightweight forward linking rules engine written in JavaScript. An arbitrary code execution vulnerability exists in Node-rules. The vulnerability can be exploited to inject arbitrary commands using the "fromJSON" function...

CVSS 9.8 | AI score 7.6 | EPSS 0.00418
Exploits: 1 | References: 1

OSV
added 2020/04/27 10:15 p.m. | 9 views

CVE-2020-7609

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 3

Prion
added 2020/04/27 10:15 p.m. | 7 views

Design/Logic Flaw

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...

CVSS 7.5 | AI score 9.6 | EPSS 0.00418
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/03/17 6:33 a.m. | 15 views

OS Command Injection

node-rules is vulnerable to OS command injection. The argument rules in the fromJSON in node-rules.js is passed to the eval function without any validation or sanitization, allowing an attacker to inject and execute arbitrary OS commands...

CVSS 9.8 | AI score 4.7 | EPSS 0.00418
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2020/03/10 5:26 p.m. | 1 views

Arbitrary Code Execution

Overview: node-rules is a light weight forward chaining Rule Engine, written in JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is located in line 152,153. The argument rules of function fromJSON can be controlled by users without any...

CVSS 9.8 | AI score 7.3 | EPSS 0.00418
Exploits: 1 | References: 2