GHSA-5wjw-qjhm-v43h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5wjw-qjhm-v43h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-5wjw-qjhm-v43h/GHSA-5wjw-qjhm-v43h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5wjw-qjhm-v43h
- Aliases
-
- CVE-2024-53615
- Published
- 2025-01-30T15:31:39Z
- Modified
- 2025-02-06T17:42:10.233566Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- files.photo.gallery command injection
- Details
-
A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2025-02-06T17:20:24Z", "nvd_published_at": "2025-01-30T15:15:17Z", "cwe_ids": [ "CWE-77" ], "severity": "MODERATE" }- References
Affected packages
npm / files.photo.gallery
Package
- Name
- files.photo.gallery
- View open source insights on deps.dev
- Purl
- pkg:npm/files.photo.gallery