AI Score
Confidence
High
EPSS
Percentile
71.8%
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the “exec” argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the “exec” function.
github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639
snyk.io/vuln/SNYK-JS-IMMETADATA-544184