GHSA-83rx-c8cr-6j8q

Опубликовано: 05 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Insecure Default Configuration in tesseract.js

Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations.

Recommendation

Upgrade to version 1.0.19 or later.

Ссылки

https://github.com/naptha/tesseract.js/pull/267
https://github.com/naptha/tesseract.js/commit/679eba055f2a4271558e86beec3d1b70cae3fb28
https://snyk.io/vuln/SNYK-JS-TESSERACTJS-174085
https://www.npmjs.com/advisories/792

Пакеты

Наименование

tesseract.js

npm

Затронутые версииВерсия исправления

< 1.0.19

1.0.19

5.9 Medium

CVSS3

Дефекты

CWE-829

5.9 Medium

CVSS3

Дефекты

CWE-829