Impact
A flaw in remotion-dev remotion version 4.0.409 permits an attacker to execute arbitrary code. The vulnerability is identified as a remote code execution (CWE‑94) and allows execution with the privilege level of the application, potentially compromising the host system.
Affected Systems
The affected product is remotion-dev remotion version 4.0.409. No other affected versions are listed.
Risk and Exploitability
The CVSS score of 9.8 indicates a critical flaw. The EPSS score is reported as less than 1 %, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because the bug is listed as a remote code execution flaw, it can be triggered from an external source.
OpenCVE Enrichment
Github GHSA