CVE-2020-6836
The CVE-2020-6836 entry refers to an arbitrary code injection in the hot-formula-parser package for Node.js, caused by grammar-parser.jison when parsing user-supplied input. Versions prior to 3.0.1 concatenate input into an eval call, enabling an attacker-controlled formula to execute arbitrary c...