Description
A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.3.0, <= 0.11.0
References
Related Issues
- Prototype Pollution in jquery-deparam - CVE-2021-20087
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- mapshaper Path Traversal vulnerability - CVE-2024-1163
- Langchain Path Traversal vulnerability - CVE-2024-7774
- Tags:
- npm
- files.photo.gallery
Anything's wrong? Let us know Last updated on February 06, 2025