20 matches found
📄 node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
📄 node-tesseract-ocr 2.2.1 Command Injection
node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with childprocess.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: SNYK:JS-NODETESSERACTOCR-15874141...
GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
EUVD-2026-15461
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: OSV:GHSA-8J44-735H-W4W2...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
PT-2026-27801
Name of the Vulnerable Software and Affected Versions node-tesseract-ocr versions through 2.2.1 Description The recognize function in src/index.js is susceptible to OS Command Injection due to insufficient input sanitization. Specifically, the file path parameter is incorporated into a shell...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
CVE-2026-26832
node-tesseract-ocr ≤2.2.1 is vulnerable to OS command injection in recognize() because it builds a shell command string and passes it to child_process.exec() without sanitizing the file path. The vulnerable component is src/index.js (recognize()), affecting all versions up to 2.2.1. The input pat...
Exploit for CVE-2026-26832
CVE-2026-26832: OS command injection in node-tesseract-ocr...
EUVD-2023-1237
Malicious code in bioql PyPI...
CVE-2023-29566
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...
Remote code execution in dawnsparks-node-tesseract
dawnsparks-node-tesseract before 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...
GHSA-88QF-5F3V-PM6M Remote code execution in dawnsparks-node-tesseract
dawnsparks-node-tesseract before 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...
Remote code execution
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...
PT-2023-22308 · Unknown · Huedawn-Tesseract +1
Name of the Vulnerable Software and Affected Versions: huedawn-tesseract version 0.3.3 dawnsparks-node-tesseract versions 0.4.0 through 0.4.1 Description: The issue is related to a remote code execution RCE vulnerability via the child process function. Recommendations: For huesdawn-tesseract...
CVE-2023-29566
CVE-2023-29566 affects huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0–0.4.1. Root cause: remote code execution via the child_process function, enabling potential arbitrary code execution. Documents indicate exploitation through unsafely handling image file names/exec usage. Impact is...