13 matches found
EUVD-2022-6587
Malicious code in bioql PyPI...
Command Injection
npos-tesseract is vulnerable to command injection. The vulnerability exists because the module.export function of ocr.js does not properly sanitize the options and image parameters, allowing an attacker to inject and execute malicious code...
npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)
npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: npos-cli =0.0.5, =0.0.6. Source CVEs: CVE-2020-28453. Source advisory: OSV:GHSA-MPWP-PF96-9G4R...
GHSA-MPWP-PF96-9G4R npos-tesseract Command Injection vulnerability
A command injection vulnerability affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
npos-tesseract Command Injection vulnerability
A command injection vulnerability affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
Code injection
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453 Command Injection
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...
CVE-2020-28453
CVE-2020-28453 affects all versions of the npm package npos-tesseract. The vulnerability is a command injection flaw caused by improper sanitization at line 55 in lib/ocr.js, enabling injection via options/image parameters. Public sources describe the issue as critical (CVSS up to 9.8 from NVD) w...
PT-2022-8900 · Unknown · Npos-Tesseract
Name of the Vulnerable Software and Affected Versions: npos-tesseract (affected versions not specified). Description: The issue affects all versions of the package npos-tesseract. It is a command injection vulnerability with the injection point located in line 55 of the lib/ocr.js file...
npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)
npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: npos-cli =0.0.5, =0.0.6. Source CVEs: CVE-2020-28453. Source advisory: SNYK:JS-NPOSTESSERACT-1051031...
Command Injection
Overview: npos-tesseract is an OCR tool for npos using tesseract engine. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 55 in lib/ocr.js. PoC: var a = require("npos-tesseract"); a.ocr("& touch JHU ","",function(){}); Remediation: There is no fixe...