CVE-2023-26129

Опубликовано: 27 мая 2023

Источник: nvd

CVSS3: 8.4

CVSS3: 7.8

EPSS Низкий

Описание

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file.

Note:

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

Ссылки

https://security.snyk.io/vuln/SNYK-JS-BWMNG-3175876
Exploit
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-BWMNG-3175876
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bwm-ng_project:bwm-ng:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 55%

0.00322

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78

CWE-77

Связанные уязвимости

CVE-2023-26129

redhat

больше 2 лет назад

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

GHSA-8vw3-vxmj-h43w

CVSS3: 7.8

github

больше 2 лет назад

bwm-ng vulnerable to command injection

EPSS

Процентиль: 55%

0.00322

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78

CWE-77