OS Command Injection in node-opencv

2021-10-1222:06:57

Google

osv.dev

node.js

opencv

command injection

vulnerability

user input

arbitrary commands

EPSS

0.006

Percentile

78.0%

JSON

utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.

References

github.com/peterbraden/node-opencv

github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b

github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563

nvd.nist.gov/vuln/detail/CVE-2019-10061

www.npmjs.com/advisories/789

www.npmjs.com/package/opencv

EPSS

0.006

Percentile

78.0%

JSON

Related for OSV:GHSA-MC7W-4CJF-C973