Hot Formula Parser
1 CVEs
product
Monthly
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
RCE
Code Injection
Hot Formula Parser
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-6836
npm
EPSS 2%
CVSS 9.8
CRITICAL
PATCH
Act Now
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
RCE
Code Injection
+1
NVD
GitHub