Home > Vulnerability Database > WS-2019-0039

Mend.io Vulnerability Database

WS-2019-0039

Good to know:

Date: February 16, 2019

All versions of tesseract.js default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations.

Language: JS

Severity Score

5.3

Related Resources (3)

Url: https://www.npmjs.com/advisories/792

Url: https://github.com/naptha/tesseract.js/commit/679eba055f2a4271558e86beec3d1b70cae3fb28

Url: https://www.mend.io/vulnerability-database/WS-2019-0039

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version auspice - no_fix;limesurvey/limesurvey - dev-fix-spss-token-length;limesurvey/limesurvey - dev-snyk-upgrade-80cca6dada6ad6307686632d311a7ef6;limesurvey/limesurvey - dev-develop;limesurvey/limesurvey - dev-dev-clean-survey-model;limesurvey/limesurvey - dev-fieldmap2;limesurvey/limesurvey - dev-snyk-fix-76cf46bd82f4347fa5bd130cdd788057;limesurvey/limesurvey - dev-anonymize-tokens;limesurvey/limesurvey - dev-findfix6;limesurvey/limesurvey - dev-tests-add-dir;tesseract.js - 1.0.16;org.webjars.npm:dom-to-image:no_fix;org.webjars.npm:github-com-dmapper-dom-to-image:no_fix;org.webjars.npm:github-com-tsayen-dom-to-image:no_fix;org.webjars.npm:dom-to-image-more:3.1.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0039

Good to know:

Date: February 16, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?