The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| codem-transcode_project | codem-transcode | 0.4.1 |
| codem-transcode_project | codem-transcode | 0.4.4 |
| codem-transcode_project | codem-transcode | 0.4.2 |
| codem-transcode_project | codem-transcode | 0.5.0 |
| codem-transcode_project | codem-transcode | 0.4.3 |