CWE-77

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)

This affects the package image-tiler before 2.0.2.

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.

All versions of package git-archive are vulnerable to Command Injection via the exports function.

This affects all versions of package monorepo-build.