
6 matches found

OSV
added 2023/05/27 6:30 a.m., 10 views

GHSA-WXRX-PC44-RCGC keep-module-latest vulnerable to Command Injection due to missing input sanitization

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

8.4 CVSS, 7.2 AI score, 0.01188 EPSS
Exploits 1, References 4
vulnersOsv
added 2023/05/27 6:30 a.m., 6 views

yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)

keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted:
- yio-cli =1.0.0

Source cves: CVE-2023-26128
Source advisory: OSV:GHSA-WXRX-PC44-RCGC...

8.4 CVSS, 7.1 AI score, 0.01188 EPSS
Exploits 1
CVE
added 2023/05/27 5:0 a.m., 52 views

CVE-2023-26128

CVE-2023-26128 affects the Node.js package keep-module-latest. All versions are vulnerable to Command Injection due to missing input sanitization when calling the installModule function. The vulnerability requires the attacker to run Node.js code in the target environment (local access), enabling...

8.4 CVSS, 7.9 AI score, 0.01188 EPSS
Exploits 1, References 2, Affected Software 1
CNNVD
added 2023/05/27 12:0 a.m., 4 views

keep-module-latest Command Injection Vulnerability

keep-module-latest is a library. A security vulnerability exists in keep-module-latest that stems from a lack of input cleanup or other checks, leaving it vulnerable to command injection attacks...

8.4 CVSS, 7.6 AI score, 0.01188 EPSS
Exploits 1, References 3
vulnersOsv
added 2022/12/05 3:13 p.m., 3 views

yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)

keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted:
- yio-cli =1.0.0

Source cves: CVE-2023-26128
Source advisory: SNYK:JS-KEEPMODULELATEST-3157165...

8.4 CVSS, 7.1 AI score, 0.01188 EPSS
Exploits 1
Snyk
added 2022/12/05 3:13 p.m., 1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...

8.4 CVSS, 7.6 AI score, 0.01188 EPSS
Exploits 1, References 2