Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by node-opencv_project

    CVE-2019-10061 (GCVE-0-2019-10061)

    Vulnerability from cvelistv5 – Published: 2019-03-26 00:07 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:09.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.npmjs.com/advisories/789"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T00:17:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.npmjs.com/advisories/789"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10061",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.npmjs.com/advisories/789",
                  "refsource": "MISC",
                  "url": "https://www.npmjs.com/advisories/789"
                },
                {
                  "name": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b",
                  "refsource": "MISC",
                  "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
                },
                {
                  "name": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563",
                  "refsource": "MISC",
                  "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10061",
        "datePublished": "2019-03-26T00:07:20.000Z",
        "dateReserved": "2019-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:09.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16067 (GCVE-0-2017-16067)

    Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
    Severity
    No CVSS data available.
    CWE
    • CWE-506 - Embedded Malicious Code (CWE-506)
    Assigner
    References
    URL Tags
    https://nodesecurity.io/advisories/506 x_refsource_MISC
    Impacted products
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:13:07.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/506"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "node-opencv node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-506",
                  "description": "Embedded Malicious Code (CWE-506)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/506"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "node-opencv node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Embedded Malicious Code (CWE-506)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nodesecurity.io/advisories/506",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/506"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16067",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:25.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10061 (GCVE-0-2019-10061)

    Vulnerability from nvd – Published: 2019-03-26 00:07 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:09.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.npmjs.com/advisories/789"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T00:17:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.npmjs.com/advisories/789"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10061",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.npmjs.com/advisories/789",
                  "refsource": "MISC",
                  "url": "https://www.npmjs.com/advisories/789"
                },
                {
                  "name": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b",
                  "refsource": "MISC",
                  "url": "https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b"
                },
                {
                  "name": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563",
                  "refsource": "MISC",
                  "url": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10061",
        "datePublished": "2019-03-26T00:07:20.000Z",
        "dateReserved": "2019-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:09.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16067 (GCVE-0-2017-16067)

    Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
    Severity
    No CVSS data available.
    CWE
    • CWE-506 - Embedded Malicious Code (CWE-506)
    Assigner
    References
    URL Tags
    https://nodesecurity.io/advisories/506 x_refsource_MISC
    Impacted products
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:13:07.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/506"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "node-opencv node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-506",
                  "description": "Embedded Malicious Code (CWE-506)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/506"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "node-opencv node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Embedded Malicious Code (CWE-506)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://nodesecurity.io/advisories/506",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/506"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16067",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:25.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }