Description
Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations.
Recommendation
Update the tesseract.js package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.19
- Patched version(s): 1.0.19
References
Related Issues
- Insecure Default Configuration in redbird - Vulnerability
- Default swagger-ui configuration exposes all files in the module - CVE-2024-22207
- Incorrect default cookie name and recommendation - Vulnerability
- Insecure Cryptography Algorithm in simple-crypto-js - Vulnerability
- Tags:
- npm
- tesseract.js
Anything's wrong? Let us know Last updated on January 09, 2023