The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| codem-transcode(npm) | 0 | 0.5.0 | N/A |
CVSS Metrics
