PT-2023-20508 · Unknown · Keep-Module-Latest

Johns Hopkins · Published 2023-05-27 · Updated 2025-01-13 · CVE-2023-26128

CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: keep-module-latest, all versions
Description: The installModule function applies no input sanitization, validation or sandboxing to the value it receives, so a crafted argument leads to Command Injection. To exploit this, an attacker needs the ability to run Node.js code in the target environment, that is, to call installModule with an attacker-controlled argument, which typically requires some level of access to the system or application hosting the Node.js process.
Recommendations: For all versions, disable the installModule function until a patch is available, and never pass it untrusted input, to prevent Command Injection. Restrict access to the Node.js environment to minimize the risk of exploitation. Avoid using installModule in sensitive operations until the issue is resolved. At the time of writing, no version containing a fix for this vulnerability is known.

Exploit

OS Command Injection

RCE

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-26128
GHSA-WXRX-PC44-RCGC

Affected Products

Keep-Module-Latest