5 matches found
CVE-2019-10787
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)
im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: OSV:GHSA-R9VM-RHMF-7HXX...
Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...
CVE-2019-10787
CVE-2019-10787 affects the im-resize Node.js module (v2.3.2 and earlier) and is caused by improper validation of the exec/cmd parameters in index.js, enabling remote code execution via crafted input. CVSS v3.1 base score 9.8 (CRITICAL) with network attack, no user interaction. Remediation: upgrad...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)
im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: SNYK:JS-IMRESIZE-544183...