Critical severityGHSA Advisory· Published Jul 25, 2022· Updated Sep 16, 2024
Command Injection
CVE-2020-28435
Description
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ffmpeg-sdknpm | <= 0.0.5 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-rwvf-c3wm-qm6wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28435ghsaADVISORY
- github.com/CubetLabs/ffmpeg-sdk/blob/master/index.jsghsaWEB
- github.com/shajanjp/ffmpeg-sdk/blob/master/index.jsghsaWEB
- security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.