<p>Upgrade to version > 0.0.1 which is available on github at <a href="https://github.com/tojocky/node-printer">https://github.com/tojocky/node-printer</a></p>

Arbitrary Command Injection Affecting printer package, versions <0.2.1

Q: How to fix?

<p>Upgrade to version &gt; 0.0.1 which is available on github at <a href="https://github.com/tojocky/node-printer">https://github.com/tojocky/node-printer</a></p>

Threat Intelligence

0.4% (75^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID npm:printer:20140306
published 6 Mar 2014
disclosed 6 Mar 2014
credit Adam Baldwin

Report a new vulnerability Found a mistake?

Introduced: 6 Mar 2014

CVE-2014-3741 Open this link in a new tab CWE-77 Open this link in a new tab

How to fix?

Upgrade to version > 0.0.1 which is available on github at https://github.com/tojocky/node-printer

Overview

printer does not sanitize command arguments properly in the printDirect() function. If untrusted client input is passed in, command injection is possible.

Source: Node Security Project

References

Special thanks to Wes Cruver for providing a pull request!

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

None