High severity8.1NVD Advisory· Published Oct 23, 2017· Updated May 13, 2026
CVE-2013-7377
CVE-2013-7377
Description
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
codem-transcodenpm | < 0.5.0 | 0.5.0 |
Affected products
8cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:codem-transcode_project:codem-transcode:0.5.0:beta4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.openwall.com/lists/oss-security/2014/05/13/1nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2014/05/15/2nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-rph7-j9qr-h8q8ghsaADVISORY
- nodesecurity.io/advisories/codem-transcode_command_injectionnvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2013-7377ghsaADVISORY
- www.npmjs.com/advisories/2ghsaWEB
News mentions
0No linked articles in our index yet.