Описание
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
Ссылки
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.0 (включая)
cpe:2.3:a:textract_project:textract:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00838
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
EPSS
Процентиль: 74%
0.00838
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78