CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)

im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: OSV:GHSA-R9VM-RHMF-7HXX...

OS Command Injection

im-resize is vulnerble to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...