exploitDog

GHSA-2h98-6q8m-mm63

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

Ссылки

EPSS

Процентиль: 74%

0.00838

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2016-10320

CVSS3: 7.8

nvd

почти 9 лет назад

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

EPSS

Процентиль: 74%

0.00838

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-78