5 matches found
npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)
npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: - npos-cli =0.0.5, =0.0.6 Source cves: CVE-2020-28453 Source advisory: OSV:GHSA-MPWP-PF96-9G4R...
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453 Command Injection
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453
CVE-2020-28453 affects all versions of the npm package npos-tesseract. The vulnerability is a command injection flaw caused by improper sanitization at line 55 in lib/ocr.js, enabling injection via options/image parameters. Public sources describe the issue as critical (CVSS up to 9.8 from NVD) w...