
5 matches found

Github Security Blog
added 2022/05/24 5:9 p.m. | 20 views

promise-probe OS command injection vulnerability

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.03343
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2020/02/20 12:0 a.m. | 1 views

Promise-probe Command Injection Vulnerability

Promise-probe is a probe module. A command injection vulnerability exists in promise-probe versions prior to 0.10.0. The vulnerability stems from a network system or product not properly filtering specific elements of externally entered data during the construction of executable commands. An...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.03343
Exploits: 1 | References: 1

OSV
added 2020/02/18 5:15 p.m. | 1 views

CVE-2019-10791

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.03343
Exploits: 1 | References: 2

CVE
added 2020/02/18 4:1 p.m. | 58 views

CVE-2019-10791

The CVE-2019-10791 issue affects the Node.js module promise-probe. The root cause is lack of sanitization in the file, outputFile and options functions, enabling remote command injection when untrusted input is used. Public references from Red Hat, GHSA, OSV, and Snyk corroborate a severe impact ...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.03343
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2020/02/04 1:19 p.m. | 2 views

Command Injection

Overview: promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobe(file) and createMuteOgg(outputFile, options) functions. file, outputFile, options can be controlled by users without any sanitization. PoC by JHU System Security Lab: js var...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.03343
Exploits: 1 | References: 2