WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-28446 Vulnerability in npm package ntesseract

Description

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982

https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619

Related Vulnerabilities

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on

CVE-2017-1000043 Vulnerability in npm package mapbox.js

CVE-2022-31777 Vulnerability in maven package org.apache.spark:spark-core_2.12

CVE-2018-11776 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-3696 Vulnerability in npm package mongoose

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Patch