GHSA-9p64-h5q4-phpm

Source

https://github.com/advisories/GHSA-9p64-h5q4-phpm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-9p64-h5q4-phpm/GHSA-9p64-h5q4-phpm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9p64-h5q4-phpm

Published

2020-09-02T15:44:58Z

Modified

2020-08-31T18:34:44Z

Summary

Remote Code Execution in office-converter

Details

All versions of office-converter are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Database specific

{
    "github_reviewed_at": "2020-08-31T18:34:44Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-20"
    ]
}

References

https://www.npmjs.com/advisories/759

Affected packages

npm / office-converter

Package

Name: office-converter; View open source insights on deps.dev
Purl: pkg:npm/office-converter

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-9p64-h5q4-phpm/GHSA-9p64-h5q4-phpm.json"