Arbitrary Command Execution in node-printer Module

Arbitrary Command Execution in node-printer Module

CVE-2014-3741 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.

Learn more about our Web Application Penetration Testing UK.