2 matches found
CVE-2026-43893
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...
CVE-2026-43893
CVE-2026-43893 affects the node package exiftool-vendored , which starts ExifTool in -stay_open True -@ - mode and reads arguments from stdin. In affected versions prior to 35.19.0, attacker-controlled strings could contain line delimiters, causing a single argument to split into multiple ExifToo...