CVE-2023-26128: 
JavaScript vulnerability analysis and mitigation

CVE-2023-26128 is a Command Injection vulnerability affecting the keep-module-latest package. The vulnerability was first introduced and disclosed on December 5, 2022, and was published on May 26, 2023. The vulnerability exists due to missing input sanitization in the installModule function (Snyk).

The vulnerability is classified as CWE-78 (Command Injection) and has received a CVSS v3.1 base score of 8.4 (High) from Snyk. The vulnerability allows for command injection through the installModule function due to lack of proper input validation and sandbox protection. To exploit this vulnerability, an attacker needs to have the ability to run Node.js code within the target environment (Snyk).

If successfully exploited, this vulnerability can lead to a total loss of confidentiality, integrity, and availability of the affected system. An attacker could potentially execute arbitrary commands, modify system files, and cause complete system compromise. The vulnerability allows for unauthorized access to restricted information and potential system manipulation (Snyk).

Currently, there is no fixed version available for the keep-module-latest package. Users are advised to consider alternative packages or implement additional security controls to protect against command injection attacks (Snyk).