Advisories for Npm/Mobile-Icon-Resizer package

2019

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in mobile-icon-resizer.

2018

Arbitrary Code Injection

mobile-icon-resizer has a code execution vulnerability via the image resizing configuration: the parameters ratio and baseRatio are passed directly to eval(), thus allowing dynamic javascript payloads to be executed.