31 matches found
📄 node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function.
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...
📄 node-tesseract-ocr 2.2.1 Command Injection
node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with child_process.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: SNYK:JS-NODETESSERACTOCR-15874141...
Command Injection
Overview: node-tesseract-ocr is a Node.js wrapper for the Tesseract OCR API. Affected versions of this package are vulnerable to Command Injection via the recognize function. An attacker can execute arbitrary system commands by supplying crafted input to the file path parameter, which is...
GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...
node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...
@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)
node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: OSV:GHSA-8J44-735H-W4W2...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...
CVE-2026-26832
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...
CVE-2026-26832
node-tesseract-ocr ≤2.2.1 is vulnerable to OS command injection in recognize() because it builds a shell command string and passes it to child_process.exec() without sanitizing the file path. The vulnerable component is src/index.js (recognize()), affecting all versions up to 2.2.1. The input pat...
Tesseract security vulnerability
Tesseract is an OCR image text recognition library developed by Nazim Gafarov for a Node.js platform. Versions of Tesseract 2.2.1 and earlier contained security vulnerabilities, which were caused by unvalidated file path parameters, potentially leading to OS command injection attacks...
Exploit for CVE-2026-26832
CVE-2026-26832: OS command injection in node-tesseract-ocr...
EUVD-2021-22714
Malware in sbrugna...
CVE-2021-36081
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call...
Linux Distros Unpatched Vulnerability : CVE-2021-36081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. CVE-2021-36081 Note that Nessus relies on the presence of the...
tesseract resource management error vulnerability
Tesseract is an open source OCR (Optical Character Recognition) engine. Tesseract OCR has a security vulnerability that stems from a one_ell_conflict use-after-free during strpbrk calls. No details of the vulnerability are currently available...
CVE-2021-36081
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call...
DEBIAN-CVE-2021-36081
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call...
CVE-2021-36081
Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call...