Description
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
Remediation
References
https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03
https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183