node-imagickal

Does not sanitize/escape paths

Open mmtftr opened this issue 4 years ago • 0 comments

File paths are not escaped so when there are spaces the program just passes them on. This is even more dangerous because arbitrary code execution is possible via shell syntax.

Solution: shell-escape the given path for security.

mmtftr, Sep 22 '21 18:09
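The behaviour reported in this issue and the two usual fixes, as an added example that is not node-imagickal's code: a harmless Node one-liner stands in for the ImageMagick binary and reports the arguments it received. The function names, the sample paths and the POSIX `/bin/sh` assumption are all constructed for this illustration.

```javascript
// Added illustration; not taken from node-imagickal. Assumes a POSIX /bin/sh.
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the image tool: prints the arguments it was started with.
const TOOL = process.execPath;
const SCRIPT = 'console.log(JSON.stringify(process.argv.slice(1)))';

// First stdout line is the tool's argv; anything after it was printed by
// some other command that the shell ran.
function parse(out) {
  const [first, ...rest] = out.trim().split('\n');
  return { args: JSON.parse(first), otherOutput: rest };
}

// Pattern from the issue: the path is pasted into a command string, so the
// shell splits it on spaces and interprets any shell syntax inside it.
function runViaShellString(path) {
  return parse(execSync(`"${TOOL}" -e '${SCRIPT}' ${path}`, { encoding: 'utf8' }));
}

// The issue's proposed fix: quote the path for a POSIX shell. Everything is
// wrapped in single quotes and each embedded ' becomes '\''.
function shellEscape(s) {
  return `'${String(s).replace(/'/g, `'\\''`)}'`;
}
function runViaShellEscaped(path) {
  const cmd = `"${TOOL}" -e '${SCRIPT}' ${shellEscape(path)}`;
  return parse(execSync(cmd, { encoding: 'utf8' }));
}

// Alternative fix: no shell at all. execFile passes each array element to
// the program as exactly one argument, so there is nothing to escape.
function runViaArgv(path) {
  return parse(execFileSync(TOOL, ['-e', SCRIPT, path], { encoding: 'utf8' }));
}

// Constructed sample paths: one with a space, one with shell syntax.
for (const p of ['holiday photo.jpg', 'x.jpg; echo INJECTED']) {
  console.log(JSON.stringify(p));
  console.log('  shell string :', JSON.stringify(runViaShellString(p)));
  console.log('  shell-escaped:', JSON.stringify(runViaShellEscaped(p)));
  console.log('  argv array   :', JSON.stringify(runViaArgv(p)));
}
```

Neither fix stops a path that begins with `-` from being read as an option by the tool itself; that needs a separate check on the path.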