Description
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
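The class of bug described above, as an added example that is not im-resize's own code: a caller-controlled value concatenated into a command string run by a shell, beside the same value passed as a single argv element with no shell. `printf` stands in for the image tool, and `buildCmd`, `runShell`, `runArgv` and the sample input are hypothetical names and values constructed here.

```javascript
// Added illustration; not code from im-resize. All names below are hypothetical.
const { execSync, execFileSync } = require('child_process');

// Stand-in for the image tool: printf echoes its argument, so this runs offline.
const TOOL = 'printf';

// Constructed sample input: a "file name" carrying a shell metacharacter.
const SAMPLE = 'photo.jpg; echo INJECTED';

// Vulnerable pattern: the value is spliced into a string that a shell will parse.
function buildCmd(path) {
  return TOOL + " '%s\\n' " + path;
}

function runShell(path) {
  // execSync hands the whole string to /bin/sh, so ';' ends the first command.
  return execSync(buildCmd(path), { encoding: 'utf8' });
}

// Hardened pattern: no shell is involved; the value is exactly one argv element.
function runArgv(path) {
  // Without a shell, a leading '-' could still be read as an option by a real tool.
  if (typeof path !== 'string' || path.startsWith('-')) {
    throw new Error('rejected path: ' + JSON.stringify(path));
  }
  return execFileSync(TOOL, ['%s\n', path], { encoding: 'utf8' });
}

// Shell form: the text after ';' runs as a second command.
console.log(JSON.stringify(runShell(SAMPLE)));
// argv form: the same text is treated as data and printed literally.
console.log(JSON.stringify(runArgv(SAMPLE)));
```
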
Remediation
References
https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03
https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183
Related Vulnerabilities
CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer
CVE-2016-4970 Vulnerability in maven package io.netty:netty-handler
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-main
CVE-2023-40787 Vulnerability in maven package org.springblade:blade-core-tool
CVE-2019-17495 Vulnerability in maven package org.webjars.bower:swagger-ui