CVE-2013-7377

Опубликовано: 23 окт. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.

Ссылки

http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
Third Party Advisory
https://nodesecurity.io/advisories/codem-transcode_command_injection
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
Third Party Advisory
https://nodesecurity.io/advisories/codem-transcode_command_injection
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta4:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01272

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

CVE-2013-7377

CVSS3: 8.1

ubuntu

больше 8 лет назад

The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.

GHSA-rph7-j9qr-h8q8

CVSS3: 8.1

github

около 8 лет назад

Potential Command Injection in codem-transcode

EPSS

Процентиль: 79%

0.01272

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-77