json-logic-js Command Injection vulnerability

Severity:: High

Description

A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227.

Recommendation

Update the json-logic-js package to the latest compatible version. Followings are version details:

Affected version(s): < 2.0.1
Patched version(s): 2.0.1

References

GHSA-67j4-2mh6-8627
vuldb.com
CVE-2021-4329
CWE-77
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Command Injection Vulnerability - CVE-2021-21315
Command Injection Vulnerability in systeminformation - CVE-2021-21388
systeminformation has a Command Injection vulnerability in fsSize() function on Windows - CVE-2025-68154
Command injection in github-todos - CVE-2021-44684

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

These 7 PHP mistakes leave your website open to the hackers

Tags:: npm; json-logic-js

Anything's wrong? Let us know Last updated on September 23, 2024