2 matches found
chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10788 via im-metadata (>=2.1.1 <=3.0.1)
im-metadata NPM version =2.1.1, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10788 Source advisory: SNYK:JS-IMMETADATA-544184...
Command Injection
Overview im-metadata is a package to retrieve image metadata as a JSON object using ImageMagick's identify command. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the metadata options which is given to the exec functio...