11 matches found
EUVD-2021-1053
Malware in sbrugna...
Command Injection in ffmpegdotjs
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
GHSA-F39R-CPMJ-WHCG Command Injection in ffmpegdotjs
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
Arbitrary Command Execution
ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo function and subsequently parsed in exec function. This allows an attacker to execute arbitrary commands on the host OS...
CVE-2021-23376
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
Design/Logic Flaw
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23376
CVE-2021-23376 affects all versions of ffmpegdotjs. The root cause is the use of Node.js child_process.exec in the trimvideo function without input sanitization, enabling attacker-controlled input to execute arbitrary commands. Documented impact is arbitrary command execution with network access,...
CVE-2021-23376 Arbitrary Command Injection
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23376
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
npm ffmpegdotjs 命令注入漏洞
npm ffmpegdotjs is an application from the American company npm. It is used for image creation. A security vulnerability exists in ffmpegdotjs, which can be exploited by an attacker to potentially execute arbitrary commands...
Arbitrary Command Injection
Overview ffmpegdotjs is a FFMPEG module for nodejs Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...