CVE-2014-3741: Potential Command Injection

October 23, 2017 (updated November 21, 2017)

Printer does not sanitize command arguments properly in the printDirect() function. If untrusted client input is passed in, command injection is possible.

References

github.com/tojocky/node-printer
github.com/tojocky/node-printer/commit/e001e38738c17219a1d9dd8c31f7d82b9c0013c7

Code Behaviors & Features

Detect and mitigate CVE-2014-3741 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →