CVE-2019-10787

Published February 4th, 2020

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

HIGH

Affected

PROJECT

Description

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

Turistforeningen/node-im-resize

Efficient image resize with multiple versions support

GitHub