CVE-2019-10788

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10788

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10788.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10788

Aliases

GHSA-qfxv-qqvg-24pg

Related

SNYK-JS-IMMETADATA-544184

Published

2020-02-04T21:15:10.730Z

Modified

2025-11-20T10:55:22.589781Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

References

Affected packages

Git / github.com/turistforeningen/node-im-metadata

Affected ranges

Type: GIT
Repo: https://github.com/turistforeningen/node-im-metadata
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ea15dddbe0f65694bfde36b78dd488e90f246639

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.2.2

v3.*

v3.0.0

v3.0.1