hot-formula-parser is vulnerable to arbitrary code injection. The vulnerability exists due to the lack of sanitization of the value of `yytext`, which is used in the `exec` command.
Name | Operator | Version |
---|---|---|
hot-formula-parser | le | 3.0.0 |
hot-formula-parser | eq | 2.3.3 |
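To check a project against the affected versions listed in the table, the following added example (not code from the advisory or from the hot-formula-parser project) scans the `packages` map of an npm lockfile, including nested copies pulled in by other dependencies. The function names and the sample lockfile are constructed for illustration, and it assumes the `le` and `eq` operators mean "less than or equal" and "equal".

```javascript
// Added example: affected ranges copied from the advisory table above.
const AFFECTED = [
  { name: 'hot-formula-parser', operator: 'le', version: '3.0.0' },
  { name: 'hot-formula-parser', operator: 'eq', version: '2.3.3' },
];

// Compare two dotted numeric versions; returns -1, 0 or 1.
// Pre-release/build suffixes ("-beta.1", "+sha") are ignored: a simplification.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when name/version matches any row of the advisory table.
function isAffected(name, version) {
  return AFFECTED.some((r) => {
    if (r.name !== name) return false;
    const c = compareVersions(version, r.version);
    return r.operator === 'le' ? c <= 0 : r.operator === 'eq' ? c === 0 : false;
  });
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2/3), where keys
// look like "node_modules/a/node_modules/b", and report affected installs.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // skips the root project entry ""
    const name = path.slice(idx + 'node_modules/'.length);
    if (isAffected(name, meta.version)) hits.push({ path, name, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from the advisory).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/hot-formula-parser': { version: '3.0.2' },
  'node_modules/grid-lib/node_modules/hot-formula-parser': { version: '2.3.3' },
  'node_modules/left-pad': { version: '1.3.0' },
}};

console.log(findAffected(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAffected` instead of the sample object.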