8 matches found
CVE-2023-2564
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
CVE-2023-2564
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
scanservjs OS Command Injection Vulnerability
scanservjs is a web UI front end for scanners by Sam Strachan, an individual developer in the UK. It allows sharing of one or more scanners on a network using SANE without drivers or complex installation. An operating system command injection vulnerability exists in versions of scanservjs prior to...
CVE-2023-2564
CVE-2023-2564 describes an OS Command Injection in sbs20/scanservjs before v2.27.0. The vulnerability arises in the server’s REST APIs for scanning and preview, where arrays of strings in POST bodies are interpolated into shell commands (via Process.spawn/scanimage), allowing an attacker to injec...
CVE-2023-2564 OS Command Injection in sbs20/scanservjs
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
CVE-2023-2564 OS Command Injection in sbs20/scanservjs
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
PT-2023-20202 · Unknown · Sbs20/Scanservjs
Name of the Vulnerable Software and Affected Versions: sbs20/scanservjs versions prior to 2.27.0 Description: The issue is related to OS Command Injection in the GitHub repository sbs20/scanservjs. Recommendations: For versions prior to 2.27.0, update to version 2.27.0 or later to resolve the iss...
OS Command Injection via Type Confusion in Scan and Preview Parameters
Description: Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...