High severityGHSA Advisory· Published Aug 31, 2020· Updated Sep 23, 2021
Unauthenticated Remote Command Injection in ep_imageconvert
CVE-2013-3364
Description
ep_imageconvert is a plugin for Etherpad Lite. ep_imageconvert <= 0.0.2 is vulnerable to remote command injection.
Authentication is not required for remote exploitation.
Recommendation
Update to version 0.0.3 or greater.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ep_imageconvertnpm | < 0.0.3 | 0.0.3 |
Affected products
1- Range: <= 0.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.