CVE-2019-10787

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10787

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10787.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10787

Aliases

GHSA-r9vm-rhmf-7hxx

Related

SNYK-JS-IMRESIZE-544183

Published

2020-02-04T21:15:10.667Z

Modified

2025-11-14T09:04:08.442558Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

References

Affected packages

Git / github.com/turistforeningen/node-im-resize

Affected ranges

Type: GIT
Repo: https://github.com/turistforeningen/node-im-resize
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

de624dacf6a50e39fe3472af1414d44937ce1f03

Affected versions

v1.*

v1.0.0

v1.1.0

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10787.json"