VYPR
High severityGHSA Advisory· Published Aug 31, 2020· Updated Sep 23, 2021

Unauthenticated Remote Command Injection in ep_imageconvert

CVE-2013-3364

Description

ep_imageconvert is a plugin for Etherpad Lite. ep_imageconvert <= 0.0.2 is vulnerable to remote command injection.

Authentication is not required for remote exploitation.

Recommendation

Update to version 0.0.3 or greater.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ep_imageconvertnpm
< 0.0.30.0.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.