Critical severity9.8NVD Advisory· Published Oct 23, 2017· Updated Jun 17, 2026
CVE-2014-3741
CVE-2014-3741
Description
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
printernpm | < 0.0.2 | 0.0.2 |
Affected products
2- cpe:2.3:a:node-printer_project:node-printer:*:*:*:*:*:node.js:*:*Range: <=0.0.1
Patches
Vulnerability mechanics
References
7- github.com/tojocky/node-printer/commit/e001e38738c17219a1d9dd8c31f7d82b9c0013c7nvdIssue TrackingPatchWEB
- www.openwall.com/lists/oss-security/2014/05/13/1nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2014/05/15/2nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-5c8j-xr24-2665ghsaADVISORY
- nodesecurity.io/advisories/printer_potential_command_injectionnvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2014-3741ghsaADVISORY
- www.npmjs.com/advisories/27ghsaWEB
News mentions
0No linked articles in our index yet.