Vulnerability Description
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
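An added example, not taken from node-printer or its patch: the general mitigation for this class of bug is to validate the destination and hand `lpr` an argument array instead of a shell string. The function names, the allowlist pattern and the sample values are assumptions made for illustration.

```javascript
const { execFile } = require("child_process");

// Allowlist for printer/destination names (assumed policy, adjust to your site).
const SAFE_NAME = /^[A-Za-z0-9_.-]{1,64}$/;

// The pattern this class of CVE describes: caller-supplied values pasted into
// one command string that a shell will later parse. Shown for contrast only.
function unsafeLprCommand(printer, file) {
  return "lpr -P" + printer + " " + file;
}

// Hardened form: validate each value, then build an argv array.
// Nothing here is ever interpreted by a shell.
function buildLprArgs(printer, file) {
  if (typeof printer !== "string" || !SAFE_NAME.test(printer)) {
    throw new TypeError("invalid printer name");
  }
  if (typeof file !== "string" || file.length === 0 || file.includes("\0")) {
    throw new TypeError("invalid file path");
  }
  if (file.startsWith("-")) {
    // A leading dash would be read by lpr as an option, not a file.
    throw new TypeError("file path must not start with '-'");
  }
  return ["-P", printer, file];
}

// execFile runs the binary directly with the argv array (no /bin/sh involved).
function printFileSafe(printer, file, callback) {
  let args;
  try {
    args = buildLprArgs(printer, file);
  } catch (err) {
    return callback(err);
  }
  return execFile("lpr", args, { timeout: 10000 }, callback);
}

// Constructed sample values: one ordinary name, one containing a shell metacharacter.
const SAMPLE_OK = "office-1";
const SAMPLE_HOSTILE = "office;id";
```

With the string-building form the metacharacter in `SAMPLE_HOSTILE` reaches the shell unchanged; `buildLprArgs` rejects it before any process is started.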
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node-Printer Project | Node-Printer | <= 0.0.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/05/13/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/05/15/2 (Mailing List, Third Party Advisory)
- https://github.com/tojocky/node-printer/commit/e001e38738c17219a1d9dd8c31f7d82b9 (Issue Tracking, Patch)
- https://nodesecurity.io/advisories/printer_potential_command_injection (Third Party Advisory)
FAQ
What is CVE-2014-3741?
CVE-2014-3741 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
How severe is CVE-2014-3741?
CVE-2014-3741 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3741?
Check the references section above for vendor advisories and patch information. Affected products include: Node-Printer Project Node-Printer.