CVE-2019-10788
N/A
N/A
Summary
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | im-metadata | All versions | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184
- https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639
References
- https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184
- https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.