-
Byte Open Security
(ByteOS Network)
Log In
Sign Up
NVD Vulnerability Details :
CVE-2020-28446
Analyzed
More Info
Official Page
Source
-
report@snyk.io
View Known Exploited Vulnerability (KEV) details
Published At
-
25 Jul, 2022 | 14:15
Updated At
-
28 Jul, 2022 | 19:16
The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.
CISA Catalog
Date Added
Due Date
Vulnerability Name
Required Action
N/A
Date Added:
N/A
Due Date:
N/A
Vulnerability Name:
N/A
Required Action:
N/A
Metrics
Type
Version
Base score
Base severity
Vector
Primary
3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary
3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type:
Primary
Version:
3.1
Base score:
9.8
Base severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type:
Secondary
Version:
3.1
Base score:
9.8
Base severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ntesseract_project
ntesseract_project
>>
ntesseract
>>
Versions before 0.2.9(exclusive)
cpe:2.3:a:ntesseract_project:ntesseract:*:*:*:*:*:node.js:*:*
Load More
Weaknesses
CWE ID
Type
Source
CWE-77
Primary
nvd@nist.gov
CWE ID:
CWE-77
Type:
Primary
Source:
nvd@nist.gov
Evaluator Description
Evaluator Impact
Evaluator Solution
Vendor Statements
References
Hyperlink
Source
Resource
https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619
report@snyk.io
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982
report@snyk.io
Exploit
Third Party Advisory
Hyperlink:
https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619
Source:
report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink:
https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982
Source:
report@snyk.io
Resource:
Exploit
Third Party Advisory
Change History
0
Changes found
Details not found