CVE-2016-10320 in textractinfo

Summary

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

04/06/2017

Disclosure

04/06/2017

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-78 (Confirmed)

CVSS

7.5

EPSS

0.00838

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-10320
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-10320
CVE Details	https://www.cvedetails.com/cve/CVE-2016-10320/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!