GMS-2019-60: Insecure Default Configuration in tesseract.js

June 5, 2019 (updated August 4, 2021)

Versions of tesseract.js default to using a third-party proxy. Requests may be proxied through crossorigin.me which clearly states is not suitable for production use. This may lead to instability and privacy violations. Upgrade to or later.

References

github.com/advisories/GHSA-83rx-c8cr-6j8q
github.com/naptha/tesseract.js/commit/679eba055f2a4271558e86beec3d1b70cae3fb28
github.com/naptha/tesseract.js/pull/267
snyk.io/vuln/SNYK-JS-TESSERACTJS-174085
www.npmjs.com/advisories/792

Detect and mitigate GMS-2019-60 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →