Description
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.
Remediation
References
https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03
https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183
Related Vulnerabilities
CVE-2021-23460 Vulnerability in npm package min-dash
CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core:myfaces-api
CVE-2018-14732 Vulnerability in npm package webpack-dev-server
CVE-2021-39227 Vulnerability in npm package zrender
CVE-2022-36890 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework