16 matches found
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
EUVD-2021-1061
Malware in sbrugna...
brew-js (>=0.1.0 <=0.1.8), buildr (>=0.2.0 <=0.8.7) +9 more potentially affected by CVE-2020-7604 via pulverizr (=0.7.0)
pulverizr NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on pulverizr and may be impacted: - brew-js =0.1.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =1.0.0, =0.1.0, =0.0.11, =0.0.12 Source cves: CVE-2020-7604 Source advisory:...
OS Command Injection in pulverizr
pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
GHSA-FMF5-J5J9-99PP OS Command Injection in pulverizr
pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
The vulnerability of the Pulverizr package in the NPM package manager allows a hacker to execute arbitrary commands.
The vulnerability of the Pulverizr package exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by creating a file with malicious content and the name lib/job.js...
OS Command Injection
pulverizr is vulnerable to OS Command Injection. The vulnerability exists as the value of src is improperly handled by src/command.js...
OS Command Injection
pulverizr is vulnerable to OS Command Injection. The vulnerability exists as the value of filename is improperly handled by lib/job.js...
Pulverizr Injection Vulnerability
pulverizr is an image compressor. A security vulnerability exists in pulverizr 0.7.0 and earlier versions, which stems from a failure to sanitize the 'filename' parameter, which the function uses directly. The vulnerability can be exploited to execute arbitrary commands...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
Command injection
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2020-7604
Vulnerability summary for CVE-2020-7604: Pulverizr
brew-js (>=0.1.0 <=0.1.8), buildr (>=0.2.0 <=0.8.7) +9 more potentially affected by CVE-2020-7604 via pulverizr (=0.7.0)
pulverizr NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on pulverizr and may be impacted: - brew-js =0.1.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =1.0.0, =0.1.0, =0.0.11, =0.0.12 Source cves: CVE-2020-7604 Source advisory:...
Command Injection
Overview: pulverizr is a to smash your images down to size. Affected versions of this package are vulnerable to Command Injection. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable filename to construct the argument of the exec call without...