CVE-2023-49210

Name of the Vulnerable Software and Affected Versions openssl (aka node-openssl) versions through 2.0.0

Description The issue is related to the absence of input data sanitization in the openssl package of the NPM package manager. This allows a remote attacker to execute arbitrary commands by exploiting the vulnerability. The vulnerability only affects products that are no longer supported by the maintainer. There are elevated activities targeting this issue.

Recommendations For versions through 2.0.0, consider disabling the verb field in the opts argument to prevent command execution until a fix is available. Restrict access to the opts argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.