CVE-2020-28446
CRITICAL
ntesseract < 0.2.9 - Command Injection via lib/tesseract.js
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982
Patch, Third Party Advisory x_refsource_misc
https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619
Scores
CVSS v3
9.8
EPSS
0.0333
EPSS Percentile
87.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
npm/ntesseract
0 - 0.2.9 (npm)
ntesseract_project/ntesseract
< 0.2.9
Published
Jul 25, 2022
Tracked Since
Feb 18, 2026