Description
Versions of tesseract.js prior to 1.0.19 default to using a third-party proxy. Requests may be proxied through crossorigin.me, which clearly states that it is not suitable for production use. This may lead to instability and privacy violations.
Recommendation
Update the tesseract.js package to the latest compatible version. Version details:
- Affected version(s): < 1.0.19
- Patched version(s): 1.0.19
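To confirm whether a project still resolves an affected release, the following added example (not part of the original advisory or of the tesseract.js project) scans a parsed package-lock.json for tesseract.js installs below 1.0.19, covering both the flat `packages` layout and the older nested `dependencies` layout. The sample lockfile and the `ocr-helper` dependency name are constructed for illustration.

```javascript
// Added example: flag tesseract.js installs older than the patched 1.0.19.
const PATCHED = [1, 0, 19];

// true = affected, false = patched, null = not a plain semver string (git/URL spec).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version));
  if (!m) return null;
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== PATCHED[i]) return parts[i] < PATCHED[i];
  }
  return Boolean(m[4]); // a pre-release of 1.0.19 sorts before 1.0.19
}

// Accepts a parsed package-lock.json and returns every tesseract.js install found.
function findTesseract(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === 'tesseract.js') record(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // because version 2 lockfiles carry both and would be counted twice).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'tesseract.js') record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "ocr-helper" is a hypothetical dependency name.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/tesseract.js': { version: '1.0.10' },
    'node_modules/ocr-helper/node_modules/tesseract.js': { version: '1.0.19' },
  },
};

for (const hit of findTesseract(sampleLock)) {
  const label = { true: 'AFFECTED', false: 'ok', null: 'unknown' }[hit.affected];
  console.log(`${hit.path}@${hit.version}: ${label}`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.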
Tags: npm, tesseract.js
Last updated on January 09, 2023