Description
Command Injection in gm
Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare(), which fails to sanitize input correctly before calling the GraphicsMagick binary.
Recommendation
Update to version 1.21.1 or later.
Packages
Name: gm (npm)
Affected versions: <= 1.20.0
Fixed version: 1.21.1
CVE ID
Weaknesses
CWE-77
Related vulnerabilities
CVE ID
Weaknesses
CWE-77