CVE-2019-10788 Vulnerability in npm package im-metadata

Description

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

Remediation

References

https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639

https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184

Related Vulnerabilities

CVE-2021-27884 Vulnerability in npm package yapi-vendor

CVE-2018-11537 Vulnerability in maven package org.webjars:angular-jwt

CVE-2021-23346 Vulnerability in npm package html-parse-stringify2

CVE-2021-44908 Vulnerability in npm package sails

CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H