PT-2019-20022 · Github · Tesseract.Js
Published
2019-06-05
·
Updated
2019-06-05
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
tesseract.js versions prior to 1.0.19
Description
The issue concerns the default use of a third-party proxy in versions of tesseract.js prior to 1.0.19. Requests are proxied through crossorigin.me, which is explicitly stated as not suitable for production use. This may result in instability and privacy violations.
Recommendations
Upgrade to version 1.0.19 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tesseract.Js