GHSA-W868-4576-RV24 ntesseract vulnerable to Command Injection

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js...

ntesseract vulnerable to Command Injection

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js...

Command injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

CVE-2020-28446 Command Injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

EUVD-2022-6430

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js...

CVE-2020-28446

The CVE-2020-28446 entry concerns ntesseract prior to 0.2.9, with a vulnerability in lib/tesseract.js that allows Command Injection. Veracode and OSV corroborate a vulnerability enabling remote command execution via the tesseract.js component; Snyk provides a PoC and confirms the remediation: upg...

Command Injection

Overview ntesseract is a simple wrapper for the Tesseract OCR package for node.js Affected versions of this package are vulnerable to Command Injection via lib/tesseract.js. PoC: var a =require"ntesseract"; a.process"& touch JHU ","",function Remediation Upgrade ntesseract to version 0.2.9 or...