Critical severityNVD Advisory· Published Aug 29, 2022· Updated Sep 17, 2024
Arbitrary Command Injection
CVE-2022-21165
Description
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
font-converternpm | <= 1.1.1 | — |
Affected products
2- font-converter/font-converterdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-g2c3-vwff-m3xrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21165ghsaADVISORY
- github.com/zgec/node-js-font-converter/blob/master/index.jsghsaWEB
- github.com/zgec/node-js-font-converter/blob/master/index.js%23L12mitrex_refsource_MISC
- security.snyk.io/vuln/SNYK-JS-FONTCONVERTER-2976194ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.