Vulnerability Description
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dnt | Im-Resize | <= 2.3.2 |
References
- https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472 (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2019-10787?
CVE-2019-10787 is a vulnerability with a CVSS score of 9.8 (CRITICAL). im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
How severe is CVE-2019-10787?
CVE-2019-10787 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10787?
Check the references section above for vendor advisories and patch information. Affected products include: Dnt Im-Resize.