← Back to CVE List
CVE-2020-7609
node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt