4 matches found
Incomplete Cleanup
Overview Affected versions of this package are vulnerable to Incomplete Cleanup due to the improper cleanup of the streams map. An attacker can cause unbounded memory consumption by repeatedly creating and closing a large number of streams, leading to resource exhaustion. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation Upgrade github.com/bep/imagemeta to version 0.10.0 or...
Command Injection
Overview promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobefile and createMuteOggoutputFile, options functions. file,outputFile,options can be controlled by users without any sanitization PoC by JHU System Security Lab js var...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...