Arbitrary Command Injection Vulnerability in node-rules (<=5.0.0)

CVE-2020-7609 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

Learn more about our User Device Pen Test.