6 matches found
GHSA-WXRX-PC44-RCGC keep-module-latest vulnerable to Command Injection due to missing input sanitization
All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...
yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)
keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted: - yio-cli =1.0.0 Source cves: CVE-2023-26128 Source advisory: OSV:GHSA-WXRX-PC44-RCGC...
CVE-2023-26128
CVE-2023-26128 affects the Node.js package keep-module-latest. All versions are vulnerable to Command Injection due to missing input sanitization when calling the installModule function. The vulnerability requires the attacker to run Node.js code in the target environment (local access), enabling...
keep-module-latest 命令注入漏洞
keep-module-latest is a library. A security vulnerability exists in keep-module-latest that stems from a lack of input cleanup or other checks, leaving it vulnerable to command injection attacks...
yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)
keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted: - yio-cli =1.0.0 Source cves: CVE-2023-26128 Source advisory: SNYK:JS-KEEPMODULELATEST-3157165...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...