CVE-2019-10788 Vulnerability in npm package im-metadata

Description

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

Remediation

References

https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639

https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184

Related Vulnerabilities

CVE-2016-10735 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap

CVE-2023-25572 Vulnerability in npm package ra-ui-materialui

CVE-2023-45138 Vulnerability in maven package org.xwiki.contrib.changerequest:application-changerequest-ui

CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-common-config

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H