CVE-2015-7982
Command Injection in gm
Description
Versions of `gm` prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into `gm.compare()`, which fails to sanitize input correctly before calling the GraphicsMagick binary.
Recommendation
Update to version 1.21.1 or later.
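The bug class described above, shown as an added example that is not code from `gm` or from this advisory: a command assembled as one shell string next to the same call expressed as an argument array. The function names, the sample filename, and the child Node process standing in for the image binary are assumptions made for illustration.

```javascript
// Added illustration of the bug class; not code from the gm package.
const { execFileSync } = require('node:child_process');
const path = require('node:path');

// Constructed sample input: a "filename" carrying a shell metacharacter.
const SAMPLE_INPUT = 'b.png; echo INJECTED';

// Unsafe pattern: the whole command is one string that a shell will parse,
// so ';' in user input ends the compare command and starts another one.
function buildShellString(a, b) {
  return `gm compare -metric mse ${a} ${b}`;
}

// Safer pattern: an argv array for execFile/spawn (no shell is involved).
// Resolving to an absolute path also keeps a value such as "-x.png" from
// being read as an option by the binary.
function buildArgv(a, b) {
  const files = [a, b].map((p) => {
    if (typeof p !== 'string' || p.length === 0 || p.includes('\0')) {
      throw new TypeError('path must be a non-empty string without NUL');
    }
    return path.resolve(p);
  });
  return ['compare', '-metric', 'mse', ...files];
}

// Stand-in for the image binary: a child Node process that reports the
// arguments it received, so the example runs without GraphicsMagick.
function argvSeenByChild(argv) {
  const script = 'process.stdout.write(JSON.stringify(process.argv.slice(1)))';
  const out = execFileSync(process.execPath, ['-e', script, '--', ...argv]);
  return JSON.parse(out.toString('utf8'));
}
```

With the argument array, the sample input reaches the child process as a single filename argument, metacharacter included, instead of being split into a second command.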
How to fix CVE-2015-7982
To remediate CVE-2015-7982, upgrade the affected package to a fixed version below.
- npm/gm: upgrade to 1.21.1 or later
Is CVE-2015-7982 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2015-7982.
Affected packages (1)
- npm/gm: from 0, < 1.21.1