Hot Formula Parser Project

hot-formula-parser_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Hot Formula Parser

hot-formula-parser

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-6836 1Hot Formula Parser Project 1Hot Formula Parser Nov 21, 2024 Jan 11, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eva...Show more grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-6836

1Hot Formula Parser Project

1Hot Formula Parser

Nov 21, 2024

Jan 11, 2020

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.Show less