12 matches found
EUVD-2021-0859
Malware in sbrugna...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
OS Command Injection in im-metadata
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
GHSA-QFXV-QQVG-24PG OS Command Injection in im-metadata
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10788 via im-metadata (>=2.1.1 <=3.0.1)
im-metadata NPM version =2.1.1, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10788 Source advisory: OSV:GHSA-QFXV-QQVG-24PG...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
Code injection
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
CVE-2019-10788
CVE-2019-10788 affects the im-metadata Node.js module (through version 3.0.1), enabling remote command execution via the exec argument due to improper validation of user-supplied input in metadata options. The incident is corroborated across multiple feeds (Red Hat, GHSA, OSV, NVD) and related ad...
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10788 via im-metadata (>=2.1.1 <=3.0.1)
im-metadata NPM version =2.1.1, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10788 Source advisory: SNYK:JS-IMMETADATA-544184...
Command Injection
Overview im-metadata is a package to retrieve image metadata as a JSON object using ImageMagick's identify command. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the metadata options which is given to the exec functio...