18 matches found
scramble - Remote Code Execution
Exploit Title: scramble - Remote Code Execution; Google Dork: inurl:/docs/api.json "dedoc/scramble"; Date: 2026-05-07; Exploit Author: Joshua van der Poll (https://github.com/joshuavanderpoll); Vendor Homepage: https://scramble.dedoc.co; Software Link: https://github.com/dedoc/scramble; Version: =0.13.2,...
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
EUVD-2021-2510
Malware in sbrugna...
Code Injection in node-rules
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
@fanatic/oracle (>=1.0.0 <=1.3.0), @ghg/amplifier (>=0.0.2 <=0.5.7) +8 more potentially affected by CVE-2020-7609 via node-rules (>=3.2.0 <=4.0.2)
node-rules NPM version =3.2.0, =1.0.0, =0.0.2, =0.0.2, =0.0.13, =0.0.1, =0.0.1, =0.2.7, =0.2.2, =0.2.3; Source cves: CVE-2020-7609; Source advisory: OSV:GHSA-F78F-353M-CF4J...
GHSA-F78F-353M-CF4J Code Injection in node-rules
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
Duplicate Advisory: Command Injection in node-rules
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f78f-353m-cf4j. This link is maintained to preserve external references. Original Description: Versions of node-rules prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules...
GHSA-8WHR-V3GM-W8H9 Duplicate Advisory: Command Injection in node-rules
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f78f-353m-cf4j. This link is maintained to preserve external references. Original Description: Versions of node-rules prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules...
Node-rules Arbitrary Code Execution Vulnerability
Node-rules is a lightweight forward linking rules engine written in JavaScript. An arbitrary code execution vulnerability exists in Node-rules. The vulnerability can be exploited to inject arbitrary commands using the "fromJSON" function...
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
Design/Logic Flaw
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
CVE-2020-7609
CVE-2020-7609 affects the node-rules JavaScript engine. The vulnerability arises because the rules in function "fromJSON()" can be controlled by users without sanitization, enabling injection of arbitrary commands and potentially OS command execution. Affected range is described as 3.0.0 up to be...
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON" can be controlled by users without any sanitization...
Command Injection
Overview: Versions of node-rules prior to 5.0.0 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an eval call when using the fromJSON function. This may allow attackers to execute arbitrary code in the system if the rules are user-controlled...
OS Command Injection
node-rules is vulnerable to OS command injection. The argument rules in the fromJSON in node-rules.js is passed to the eval function without any validation or sanitization, allowing an attacker to inject and execute arbitrary OS commands...
@fanatic/oracle (>=1.0.0 <=1.3.0), @ghg/amplifier (>=0.0.2 <=0.5.7) +8 more potentially affected by CVE-2020-7609 via node-rules (>=3.2.0 <=4.0.2)
node-rules NPM version =3.2.0, =1.0.0, =0.0.2, =0.0.2, =0.0.13, =0.0.1, =0.0.1, =0.2.7, =0.2.2, =0.2.3; Source cves: CVE-2020-7609; Source advisory: SNYK:JS-NODERULES-560426...
Arbitrary Code Execution
Overview: node-rules is a lightweight forward chaining Rule Engine, written in JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is located in lines 152, 153. The argument rules of function fromJSON can be controlled by users without any...