ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo
function and subsequently parsed in exec
function. This allows an attacker to execute arbitrary commands on the host OS.
CPE | Name | Operator | Version |
---|---|---|---|
ffmpegdotjs | eq | 0.0.4 |