im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the “exec” argument. The cmd argument used within index.js, can be controlled by user without any sanitization.
[
{
"product": "im-resize",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]