yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)

keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted: - yio-cli =1.0.0 Source cves: CVE-2023-26128 Source advisory: OSV:GHSA-WXRX-PC44-RCGC...

GHSA-WXRX-PC44-RCGC keep-module-latest vulnerable to Command Injection due to missing input sanitization

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

keep-module-latest 命令注入漏洞

keep-module-latest is a library. A security vulnerability exists in keep-module-latest that stems from a lack of input cleanup or other checks, leaving it vulnerable to command injection attacks...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...