CVE-2013-7377

HIGH

codem-transcode < 0.5.0 - Remote Code Execution via /probe POST Request

Title source: llm
STIX 2.1

Description

The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/13/1

Scores

CVSS v3 8.1
EPSS 0.0198
EPSS Percentile 78.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (6)
codem-transcode_project/codem-transcode 0.4.1
codem-transcode_project/codem-transcode 0.4.2
codem-transcode_project/codem-transcode 0.4.3
codem-transcode_project/codem-transcode 0.4.4
codem-transcode_project/codem-transcode 0.5.0 beta1 (4 CPE variants)
npm/codem-transcode 0 - 0.5.0npm
Published Oct 23, 2017
Tracked Since Feb 18, 2026