CVE-2019-10787

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10787

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10787.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10787

Aliases

GHSA-r9vm-rhmf-7hxx

Related

SNYK-JS-IMRESIZE-544183

Published

2020-02-04T21:15:10.667Z

Modified

2026-03-13T22:29:45.009001Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

References

Affected packages

Git / github.com/turistforeningen/node-im-resize

Affected ranges

Type

GIT

Repo

https://github.com/turistforeningen/node-im-resize

Events

Introduced

Last affected

499fe82028337ae55cb61c24696c1ec16f0f9c9a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.2"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.1.0

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10787.json"