CVE-2023-26127

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/dsilva2401/n158/blob/master/src/cli/initProject.js%23L8	Broken Link
https://security.snyk.io/vuln/SNYK-JS-N158-3183746	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:n158_project:n158:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2023-05-27 05:15

Updated : 2023-11-07 04:09

NVD link : CVE-2023-26127

Mitre link : CVE-2023-26127

CVE.ORG link : CVE-2023-26127

JSON object : View

Products Affected

n158_project

n158

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-26127", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-05-27T05:15:09.300", "references": [{"url": "https://github.com/dsilva2401/n158/blob/master/src/cli/initProject.js%23L8", "tags": ["Broken Link"], "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-N158-3183746", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.\r\r**Note:**\r\rTo execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment."}], "lastModified": "2023-11-07T04:09:24.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:n158_project:n158:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "BECA3C90-C249-4A76-A6E6-0ECD53D1DEE8"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}