EUVD-2021-0867

Malware in sbrugna...

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)

im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: OSV:GHSA-R9VM-RHMF-7HXX...

OS Command Injection in im-resize

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

GHSA-R9VM-RHMF-7HXX OS Command Injection in im-resize

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

OS Command Injection

im-resize is vulnerble to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

Code injection

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

CVE-2019-10787

CVE-2019-10787 affects the im-resize Node.js module (v2.3.2 and earlier) and is caused by improper validation of the exec/cmd parameters in index.js, enabling remote code execution via crafted input. CVSS v3.1 base score 9.8 (CRITICAL) with network attack, no user interaction. Remediation: upgrad...

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)

im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: SNYK:JS-IMRESIZE-544183...

Command Injection

Overview im-resize is an efficient image resize with support for multiple thumbnail configurations using ImageMagick's convert command. Affected versions of this package are vulnerable to Command Injection. The cmd argument used within index.js, can be controlled by user without any sanitization...