Advisories for Npm/Gm package

2015

Command Injection in gm.compare function

gm is vulnerable to command injection when user input is passed into the arguments of the gm.compare function. The compare() function fails to sanitize shell metacharacters correctly before calling the GraphicsMagick binary.