High severity8.4GHSA Advisory· Published May 27, 2023· Updated Jun 17, 2026
CVE-2023-26129
CVE-2023-26129
Description
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bwm-ngnpm | <= 0.1.1 | — |
Affected products
2Patches
Vulnerability mechanics
References
3- security.snyk.io/vuln/SNYK-JS-BWMNG-3175876nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-8vw3-vxmj-h43wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26129ghsaADVISORY
News mentions
0No linked articles in our index yet.