VYPR
Critical severityOSV Advisory· Published Apr 27, 2020· Updated Aug 4, 2024

CVE-2020-7609

CVE-2020-7609

Description

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
node-rulesnpm
>= 3.0.0, < 5.0.05.0.0

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.