CVE-2019-25158 | pedroetb tts-api up to 2.1.4 app.js onSpeechDone os command injection

Inserito da Angelo Barbosa | Dic 17, 2023 | CVE

A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection.

This vulnerability was named CVE-2019-25158. The attack can only be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2019-25158 | pedroetb tts-api up to 2.1.4 app.js onSpeechDone os command injection

Post correlati

CVE-2023-33759 | SpliceCom Maximiser Soft PBX up to 1.5 excessive authentication

CVE-2023-49867 | LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 Realtek rtl819x Jungle SDK formWsc stack-based overflow (TALOS-2023-1904)

CVE-2024-5835 | Google Chrome prior 126.0.6478.54 Tab Groups heap-based overflow (ID 341991)

CVE-2024-2202 | SiteOrigin Page Builder Plugin up to 2.29.6 on WordPress Legacy Image Widget cross site scripting