Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6587

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.0109EPSS
Exploits1References3
Veracode
Veracode
added 2022/08/03 5:13 a.m.20 views

Command Injection

npos-tesseract is vulnerable to command injection. The vulnerability exists because the module.export function of ocr.js does not properly sanitize the options and image parameters, allowing an attacker to inject and execute malicious code...

9.8CVSS9.4AI score0.0109EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/03 12:0 a.m.7 views

npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)

npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: - npos-cli =0.0.5, =0.0.6 Source cves: CVE-2020-28453 Source advisory: OSV:GHSA-MPWP-PF96-9G4R...

9.8CVSS7.2AI score0.0109EPSS
Exploits1
OSV
OSV
added 2022/08/03 12:0 a.m.5 views

GHSA-MPWP-PF96-9G4R npos-tesseract Command Injection vulnerability

A command injection vulnerability affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

9.8CVSS5.9AI score0.0109EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/08/03 12:0 a.m.19 views

npos-tesseract Command Injection vulnerability

A command injection vulnerability affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

9.8CVSS9.4AI score0.0109EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/08/02 2:15 p.m.15 views

CVE-2020-28453

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

9.8CVSS0.0109EPSS
Exploits1References1
OSV
OSV
added 2022/08/02 2:15 p.m.4 views

CVE-2020-28453

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

9.8CVSS5.8AI score0.0109EPSS
Exploits1References1
Prion
Prion
added 2022/08/02 2:15 p.m.13 views

Code injection

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

7.5CVSS9.6AI score0.0109EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/02 1:25 p.m.19 views

CVE-2020-28453 Command Injection

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js...

9.4CVSS9.7AI score0.0109EPSS
Exploits1References1
CVE
CVE
added 2022/08/02 1:25 p.m.58 views

CVE-2020-28453

CVE-2020-28453 affects all versions of the npm package npos-tesseract. The vulnerability is a command injection flaw caused by improper sanitization at line 55 in lib/ocr.js, enabling injection via options/image parameters. Public sources describe the issue as critical (CVSS up to 9.8 from NVD) w...

9.8CVSS9.7AI score0.0109EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.4 views

PT-2022-8900 · Unknown · Npos-Tesseract

Name of the Vulnerable Software and Affected Versions: npos-tesseract affected versions not specified Description: The issue affects all versions of the package npos-tesseract. It is a command injection vulnerability with the injection point located in line 55 of the lib/ocr.js file...

9.8CVSS9.6AI score0.0109EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2021/01/26 6:40 a.m.5 views

npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)

npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: - npos-cli =0.0.5, =0.0.6 Source cves: CVE-2020-28453 Source advisory: SNYK:JS-NPOSTESSERACT-1051031...

9.8CVSS7.2AI score0.0109EPSS
Exploits1
Snyk
Snyk
added 2021/01/26 6:40 a.m.3 views

Command Injection

Overview npos-tesseract is an OCR tool for npos using tesseract engine Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 55 in lib/ocr.js. PoC var a = require"npos-tesseract"; a.ocr"& touch JHU ","",function; Remediation There is no fixe...

9.8CVSS7.2AI score0.0109EPSS
Exploits1References2
Rows per page
Query Builder