Description

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982

https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619

Related Vulnerabilities

CVE-2021-21368 Vulnerability in maven package org.webjars.npm:msgpack5

CVE-2023-37947 Vulnerability in maven package org.openshift.jenkins:openshift-login

CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core

CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2020-28433 Vulnerability in npm package node-latex-pdf

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Patch