CVE-2013-7377

EUVD-2017-0353
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
codem-transcode_projectcodem-transcode
0.4.1
codem-transcode_projectcodem-transcode
0.4.2
codem-transcode_projectcodem-transcode
0.4.3
codem-transcode_projectcodem-transcode
0.4.4
codem-transcode_projectcodem-transcode
0.5.0:beta1
codem-transcode_projectcodem-transcode
0.5.0:beta2
codem-transcode_projectcodem-transcode
0.5.0:beta3
codem-transcode_projectcodem-transcode
0.5.0:beta4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nodejs
artful
ignored
bionic
ignored
lucid
dne
precise
ignored
saucy
ignored
trusty
ignored
utopic
ignored
vivid
ignored
wily
ignored
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/05/13/1
http://www.openwall.com/lists/oss-security/2014/05/15/2
https://nodesecurity.io/advisories/codem-transcode_command_injection
http://www.openwall.com/lists/oss-security/2014/05/13/1
http://www.openwall.com/lists/oss-security/2014/05/15/2
https://nodesecurity.io/advisories/codem-transcode_command_injection