Vulnerability Details CVE-2016-10320
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Products affected by CVE-2016-10320
-
cpe:2.3:a:textract_project:textract:0.2.0
-
cpe:2.3:a:textract_project:textract:0.3.0
-
cpe:2.3:a:textract_project:textract:0.4.0
-
cpe:2.3:a:textract_project:textract:0.5.0
-
cpe:2.3:a:textract_project:textract:0.5.1
-
cpe:2.3:a:textract_project:textract:1.0.0
-
cpe:2.3:a:textract_project:textract:1.1.0
-
cpe:2.3:a:textract_project:textract:1.2.0
-
cpe:2.3:a:textract_project:textract:1.3.0
-
cpe:2.3:a:textract_project:textract:1.4.0