Vulnerability Description
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing attackers to execute arbitrary commands.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node-Opencv Project | Node-Opencv | < 6.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b (Patch, Third Party Advisory)
- https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99d (Patch, Third Party Advisory)
- https://www.npmjs.com/advisories/789 (Third Party Advisory)
FAQ
What is CVE-2019-10061?
CVE-2019-10061 is a vulnerability with a CVSS score of 9.8 (CRITICAL). utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing attackers to execute arbitrary command...
How severe is CVE-2019-10061?
CVE-2019-10061 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10061?
Check the references section above for vendor advisories and patch information. Affected products include: Node-Opencv Project Node-Opencv.