Node-Opencv Project: >> Node-Opencv Security Vulnerabilities
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.066
Published
2019-03-26
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07