Arbitrary Command Execution in im-resize through 2.3.2

Arbitrary Command Execution in im-resize through 2.3.2

CVE-2019-10787 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

Learn more about our User Device Pen Test.