Описание
Arbitrary code execution in djv
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Пакеты
Наименование
djv
npm
Затронутые версииВерсия исправления
< 2.1.4
2.1.4
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.