PT-2022-8891 · Unknown · Ffmpeg-Sdk

Published

2022-07-25

Updated

2022-07-31

CVE-2020-28435

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ffmpeg-sdk versions (all versions)

Description A command injection issue affects the package. The injection point is located in line 9 in index.js.

Recommendations For all versions, consider disabling or restricting access to the vulnerable code in index.js until a patch is available. Restrict execution of commands to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2020-28435

GHSA-RWVF-C3WM-QM6W

Affected Products

Ffmpeg-Sdk

PT-2022-8891 · Unknown · Ffmpeg-Sdk

CVE-2020-28435

Weakness Enumeration

Related Identifiers

Affected Products

References · 5