4 matches found
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
CVE-2019-10788
CVE-2019-10788 affects the im-metadata Node.js module (through version 3.0.1), enabling remote command execution via the exec argument due to improper validation of user-supplied input in metadata options. The incident is corroborated across multiple feeds (Red Hat, GHSA, OSV, NVD) and related ad...