GHSA-549h-r7g9-2qpf

Опубликовано: 27 мая 2023

Источник: github

Github: Прошло ревью

CVSS3: 7.8

Описание

n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.

Note:

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

Ссылки

Пакеты

Наименование

n158

npm

Затронутые версииВерсия исправления

<= 1.4.1

Отсутствует

EPSS

Процентиль: 37%

0.0016

Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-26127

Дефекты

CWE-74

CWE-77

CWE-78

Связанные уязвимости

CVE-2023-26127

CVSS3: 7.8

nvd

больше 2 лет назад

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

EPSS

Процентиль: 37%

0.0016

Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-26127

Дефекты

CWE-74

CWE-77

CWE-78