4 matches found
CVE-2023-2564 OS Command Injection in sbs20/scanservjs
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
CVE-2023-2564 OS Command Injection in sbs20/scanservjs
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
PT-2023-20202 · Unknown · Sbs20/Scanservjs
Name of the Vulnerable Software and Affected Versions: sbs20/scanservjs versions prior to 2.27.0 Description: The issue is related to OS Command Injection in the GitHub repository sbs20/scanservjs. Recommendations: For versions prior to 2.27.0, update to version 2.27.0 or later to resolve the iss...
CVE-2023-2564
CVE-2023-2564 describes an OS Command Injection in sbs20/scanservjs before v2.27.0. The vulnerability arises in the server’s REST APIs for scanning and preview, where arrays of strings in POST bodies are interpolated into shell commands (via Process.spawn/scanimage), allowing an attacker to injec...