11 matches found
📄 node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
📄 node-tesseract-ocr 2.2.1 Command Injection
node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with childprocess.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +86 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: SNYK:JS-NODETESSERACTOCR-15874141...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +86 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: OSV:GHSA-8J44-735H-W4W2...
GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
CVE-2026-26832
node-tesseract-ocr ≤2.2.1 is vulnerable to OS command injection in recognize() because it builds a shell command string and passes it to child_process.exec() without sanitizing the file path. The vulnerable component is src/index.js (recognize()), affecting all versions up to 2.2.1. The input pat...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...
Exploit for CVE-2026-26832
CVE-2026-26832: OS command injection in node-tesseract-ocr...