CVE-2023-26127

HIGH

n158 - OS Command Injection via Improper Input Sanitization in module.exports

Title source: llm

Description

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

References (2)

Core 2

Core References

Broken Link

https://github.com/dsilva2401/n158/blob/master/src/cli/initProject.js%23L8

Third Party Advisory

https://security.snyk.io/vuln/SNYK-JS-N158-3183746

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 33.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78 CWE-77

Status published

Products (2)

n158_project/n158

npm/n158 0npm

Published May 27, 2023

Tracked Since Feb 18, 2026