VYPR

npm package

node-rules

pkg:npm/node-rules

Vulnerabilities (1)

  • CVE-2020-7609Apr 27, 2020
    affected >= 3.0.0, < 5.0.0fixed 5.0.0

    node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.