npm

Severity: critical

Command Injection

gm

Overview

Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare(), which fails to sanitize that input correctly before calling the GraphicsMagick binary.

Remediation

Update to version 1.21.1 or later.
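To confirm that no copy of gm older than 1.21.1 remains in a dependency tree, including transitive copies, the parsed package-lock.json can be checked as in the following added example (not part of the advisory or of gm itself). The sample lockfile and the package name thumb-service are constructed for illustration.

```javascript
const FIXED = [1, 21, 1]; // first fixed release, per the advisory

// Parse "major.minor.patch" and note whether a pre-release tag follows it.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version sorts before 1.21.1. Unparseable versions (git URLs,
// tarballs) are reported as affected so they get a manual look.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // e.g. 1.21.1-rc1 precedes 1.21.1
}

// Handle both layouts: the flat "packages" map (lockfileVersion 2/3) and the
// nested "dependencies" tree (lockfileVersion 1).
function findAffectedGm(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/gm$/.test(path) && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "/" + name;
      if (name === "gm" && isAffected(meta.version)) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; "thumb-service" is a hypothetical package.
const sampleLock = { lockfileVersion: 1, dependencies: {
  gm: { version: "1.21.1" },
  "thumb-service": { version: "0.3.0", dependencies: { gm: { version: "1.20.0" } } },
} };
console.log(findAffectedGm(sampleLock));
```

In a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffectedGm and treat any returned entry as needing the upgrade.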


Advisory timeline

  1. published

    Advisory published
    Oct 26th, 2015
  2. reported

    Initial report by Brendan Scarvell of Console
    Oct 26th, 2015