We found results for “”
CVE-2015-7982
Good to know:
Date: October 25, 2015
gm version 1.20.0 and below are vulnerable to command injection when user input is passed into the arguments of the gm.comparefunction. The compare() function fails to sanitize meta characters correctly before calling the graphics magic binary.
Language: JS
Severity Score
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |