22 matches found
📄 textract 2.5.0 Command Injection
In textract version 2.5.0, a security vulnerability allows OS command injection when untrusted file paths are processed by the library. ================================================================================================================================== | Title : textract 2.5.0 OS...
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
📄 textract 2.5.0 Command Injection
textract through version 2.5.0 allows OS command injection through the file path supplied to multiple extractors. Several code paths pass that file path into childprocess.exec with inadequate sanitization. An attacker who can influence the file name or path can break out of the command line and r...
Command Injection
Overview textract is an Extracting text from files of various type including html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf, text/, and various open office. Affected versions of this package are vulnerable to Command Injection via the filePath parameter in multiple extractors. An...
@brainbase-ai/action-read (=0.0.1), @brainbase-ai/actions (>=3.2.105 <=3.2.107) +71 more potentially affected by CVE-2026-26831 via textract (>=1.1.1 <=2.5.0)
textract NPM version =1.1.1, =3.2.105, =0.0.0, =0.0.0, =0.0.0, =0.0.15, =0.0.0, =0.0.0, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.7.0, =0.17.0 and more Source cves: CVE-2026-26831 Source advisory: SNYK:JS-TEXTRACT-15874118...
EUVD-2026-15459
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
@brainbase-ai/action-read (=0.0.1), @brainbase-ai/actions (>=3.2.105 <=3.2.107) +71 more potentially affected by CVE-2026-26831 via textract (>=1.1.1 <=2.5.0)
textract NPM version =1.1.1, =3.2.105, =0.0.0, =0.0.0, =0.0.0, =0.0.15, =0.0.0, =0.0.0, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.7.0, =0.17.0 and more Source cves: CVE-2026-26831 Source advisory: OSV:GHSA-9PCJ-M5RR-P28G...
textract is vulnerable to OS Command Injection
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
GHSA-9PCJ-M5RR-P28G textract is vulnerable to OS Command Injection
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
textract 安全漏洞
Textract is a text extraction tool developed by David Bashford, which supports multiple formats. Textract versions 2.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unvalidated file path parameters, which could lead to OS command injection attacks...
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
PT-2026-27800
Name of the Vulnerable Software and Affected Versions textract versions through 2.5.0 Description The software is susceptible to an OS Command Injection issue through the file path parameter in multiple extractors. Processing files with malicious filenames allows the filePath to be directly passe...
CVE-2026-26831
CVE-2026-26831 affects textract up to version 2.5.0, where filePath is passed directly to child_process.exec() in multiple extractors (lib/extractors/doc.js, lib/extractors/rtf.js, lib/extractors/dxf.js, lib/extractors/images.js, and lib/util.js) without sufficient sanitization, enabling OS comma...
Exploit for CVE-2026-26831
CVE-2026-26831: OS command injection in textract Summary...
CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
Textract Operating System Command Injection Vulnerability
textract is a Python library for extracting text content from various documents. An operating system command injection vulnerability exists in textract. A remote attacker can use this vulnerability to inject operating system commands by calling the process function from a filename...
Command injection
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...
CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files...