1.1.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

font-converter-project

critical

NVD

Published: 2022-08-29

Updated: 2023-08-08

Summary

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.

Vulnerable Configurations

Part	Description	Count
Application	Font_Converter_Project Font Converter Project Font Converter 1.0.0 Font Converter Project Font Converter 1.1.0 Font Converter Project Font Converter 1.1.1	3

References

https://security.snyk.io/vuln/SNYK-JS-FONTCONVERTER-2976194
https://github.com/zgec/node-js-font-converter/blob/master/index.js%23L12