Home / Early Warning / Vulnerabilidades / CVE-2021-23376

CVE-2021-23376

Type: 
Command Injection
Severity: 
High
Publication date: 
04/18/2021
Last modified: 
04/22/2021
Description
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:ffmpegdotjs_project:ffmpegdotjs:*:*:*:*:*:node.js:*:*
To consult the complete list of products and versions see this page
Explanation of fields