CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-23376

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/TRomesh/ffmpegdotjs/blob/b7395daf0bdcb81218340427eb7073cdd28462af/index.js%23L219
https://snyk.io/vuln/SNYK-JS-FFMPEGDOTJS-1078542
https://github.com/TRomesh/ffmpegdotjs/blob/b7395daf0bdcb81218340427eb7073cdd28462af/index.js%23L219
https://snyk.io/vuln/SNYK-JS-FFMPEGDOTJS-1078542

Products affected by CVE-2021-23376

Ffmpegdotjs Project » Ffmpegdotjs » Version: N/A

cpe:2.3:a:ffmpegdotjs_project:ffmpegdotjs:-
Ffmpegdotjs Project » Ffmpegdotjs » Version: 0.0.2

cpe:2.3:a:ffmpegdotjs_project:ffmpegdotjs:0.0.2
Ffmpegdotjs Project » Ffmpegdotjs » Version: 0.0.3

cpe:2.3:a:ffmpegdotjs_project:ffmpegdotjs:0.0.3
Ffmpegdotjs Project » Ffmpegdotjs » Version: 0.0.4

cpe:2.3:a:ffmpegdotjs_project:ffmpegdotjs:0.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23376

Products

Pricing

Contact Us