CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Github Security Blog•added 2021/05/06 3:55 p.m.•35 views

Command Injection in ffmpegdotjs

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS6.7AI score0.00612EPSS

Exploits1References4Affected Software1

OSV•added 2021/05/06 3:55 p.m.•11 views

GHSA-F39R-CPMJ-WHCG Command Injection in ffmpegdotjs

9.8CVSS9.8AI score0.00612EPSS

Exploits1References4

Veracode•added 2021/04/19 5:31 a.m.•17 views

Arbitrary Command Execution

ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo function and subsequently parsed in exec function. This allows an attacker to execute arbitrary commands on the host OS...

9.8CVSS6.2AI score0.00612EPSS

Exploits1References2Affected Software1

NVD•added 2021/04/18 7:15 p.m.•4 views

CVE-2021-23376

9.8CVSS0.00612EPSS

Exploits1References2

Cvelist•added 2021/04/18 6:40 p.m.•12 views

CVE-2021-23376 Arbitrary Command Injection

9.8CVSS9.9AI score0.00612EPSS

Exploits1References2

ATTACKERKB•added 2021/04/18 6:37 p.m.•0 views

CVE-2021-23376

9.8CVSS5.8AI score0.00612EPSS

Exploits1References3

Snyk•added 2021/02/23 6:25 p.m.•1 views

Arbitrary Command Injection

Overview ffmpegdotjs is a FFMPEG module for nodejs Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

9.8CVSS7.5AI score0.00612EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by