An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows malicious users to execute arbitrary code via a crafted file.
keystonejs keystone 4.2.1