VYPR

npm package

gm

pkg:npm/gm

Vulnerabilities (1)

  • CVE-2015-7982criSep 1, 2020
    affected < 1.21.1fixed 1.21.1

    Versions of `gm` prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into `gm.compare()`, which fails to sanitize input correctly before calling the graphics magic binary. ## Recommendation Update to versi