Vulnerability Details CVE-2013-7377
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- http://www.openwall.com/lists/oss-security/2014/05/13/1
- http://www.openwall.com/lists/oss-security/2014/05/15/2
- https://nodesecurity.io/advisories/codem-transcode_command_injection
- http://www.openwall.com/lists/oss-security/2014/05/13/1
- http://www.openwall.com/lists/oss-security/2014/05/15/2
- https://nodesecurity.io/advisories/codem-transcode_command_injection
Products affected by CVE-2013-7377
-
cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.1
-
cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.2
-
cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.3
-
cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.4
-
cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0