EPSS Percentile: 72.1%
node-rules is vulnerable to OS command injection. The rules argument of the fromJSON() function in node-rules.js is passed to eval without any validation or sanitization, allowing an attacker to inject and execute arbitrary OS commands.
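One way to load serialized rules without the eval described above, as an added example (not node-rules code and not the project's own fix): rules name handlers from an application allowlist instead of carrying function source. The rule shape, the handler names and loadRules() are assumptions made for illustration.

```javascript
// Added example, not node-rules code. The handler names, the rule shape and
// loadRules() are assumptions made for illustration.

// Allowlist of handlers the application ships. Serialized rules refer to them
// by name, so no text taken from the JSON document is ever compiled as code.
const HANDLERS = Object.freeze({
  conditions: Object.freeze({ amountOver500: (fact) => fact.amount > 500 }),
  consequences: Object.freeze({ blockTransaction: (fact) => { fact.blocked = true; } }),
});

function resolve(kind, name) {
  // Own-property check: inherited keys such as "constructor" or "__proto__"
  // must not resolve to anything callable.
  if (typeof name !== 'string' ||
      !Object.prototype.hasOwnProperty.call(HANDLERS[kind], name)) {
    throw new TypeError(`unknown ${kind} handler: ${JSON.stringify(name)}`);
  }
  return HANDLERS[kind][name];
}

// Counterpart of a fromJSON()-style loader: parse the data, then map names to
// functions. No eval() or new Function() is reachable from the input.
function loadRules(json) {
  const parsed = typeof json === 'string' ? JSON.parse(json) : json;
  const list = Array.isArray(parsed) ? parsed : [parsed];
  return list.map((rule, i) => {
    if (rule === null || typeof rule !== 'object') {
      throw new TypeError(`rule ${i} is not an object`);
    }
    return {
      priority: Number.isInteger(rule.priority) ? rule.priority : 0,
      condition: resolve('conditions', rule.condition),
      consequence: resolve('consequences', rule.consequence),
    };
  });
}

// Constructed sample input: one rule using registered names, and one whose
// condition field carries function source text instead of a name.
const SAMPLE_OK = '[{"condition":"amountOver500","consequence":"blockTransaction","priority":1}]';
const SAMPLE_CODE = '[{"condition":"function (R) { R.when(true); }","consequence":"blockTransaction"}]';

// True when the loader refuses the document with a TypeError.
function rejects(json) {
  try { loadRules(json); } catch (e) { return e instanceof TypeError; }
  return false;
}
```

A rule document that carries source text where a handler name is expected is rejected before any handler runs, so the stored JSON stays data.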
github.com/mithunsatheesh/node-rules/blob/4.0.2/lib/node-rules.js#L145-L161
github.com/mithunsatheesh/node-rules/commit/100862223904bb6478fcc33b701c7dee11f7b832
github.com/mithunsatheesh/node-rules/issues/84