CVE-2014-3741 on Ubuntu 16.04 LTS (xenial) - medium.
Description:
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.