Lucene search
K

4 matches found

OSV
OSV
added 2026/03/25 6:31 p.m.4 views

GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...

9.8CVSS5.9AI score0.01706EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/03/25 12:0 a.m.24 views

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

0.02421EPSS
Exploits4References6
CVE
CVE
added 2026/03/25 12:0 a.m.27 views

CVE-2026-26832

node-tesseract-ocr ≤2.2.1 is vulnerable to OS command injection in recognize() because it builds a shell command string and passes it to child_process.exec() without sanitizing the file path. The vulnerable component is src/index.js (recognize()), affecting all versions up to 2.2.1. The input pat...

9.8CVSS5.9AI score0.01706EPSS
Exploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2018/06/07 12:0 a.m.5 views

PT-2018-16155 · Npm +2 · Public +2

Name of the Vulnerable Software and Affected Versions: public versions prior to 0.1.3 Description: The issue arises from a lack of validation of the filePath, allowing a malicious user to read the content of any file with a known path due to a Path Traversal vulnerability. This is caused by...

7.5CVSS7.3AI score0.02038EPSS
Exploits1References6
Rows per page
Query Builder