Description
devcert-sanscache before 0.4.7 is vulnerable to command injection that allows remote attackers to execute arbitrary code via the exec function. The user-controlled variable commonName is used as part of the command passed to exec without any sanitization.
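The pattern described above next to a hardened form, as an added example that is not devcert-sanscache's own code. The openssl command line, the hostname allowlist and all function names are assumptions for illustration, and a child Node process stands in for the real tool so the block runs offline.

```javascript
const { execFileSync } = require('child_process');

// Assumed policy: a common name is a hostname (letters, digits, hyphens,
// dot-separated labels, optional leading "*."). Everything else is rejected.
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
const COMMON_NAME_RE = new RegExp(`^(?:\\*\\.)?${LABEL}(?:\\.${LABEL})*$`);

function isValidCommonName(name) {
  return typeof name === 'string' && name.length <= 253 && COMMON_NAME_RE.test(name);
}

// The pattern the advisory describes (built here, never executed): the value
// is spliced into a string that exec() hands to a shell for parsing.
// The command shown is hypothetical.
function unsafeCommandString(commonName) {
  return `openssl req -new -subj "/CN=${commonName}"`;
}

// Hardened form: validate, then build an argument vector for execFile(),
// which starts the program directly with no shell in between.
function safeArgs(commonName) {
  if (!isValidCommonName(commonName)) {
    throw new Error(`rejected common name: ${JSON.stringify(commonName)}`);
  }
  return ['req', '-new', '-subj', `/CN=${commonName}`];
}

// Offline stand-in for the real tool: a child Node process that reports the
// arguments it received, to show what execFile() actually delivers.
function argvSeenByChild(args) {
  const script = 'console.log(JSON.stringify(process.argv.slice(1)))';
  const out = execFileSync(process.execPath, ['-e', script, '--', ...args],
    { encoding: 'utf8' });
  return JSON.parse(out).slice(-args.length);
}

// Constructed sample inputs.
const samples = ['dev.example.test', '*.example.test', 'a.test; echo injected'];
for (const cn of samples) {
  console.log(JSON.stringify(cn), isValidCommonName(cn) ? 'accepted' : 'rejected');
}
```

With an argument vector the child receives the value as a single argument even when it contains shell syntax; the allowlist is kept as a second layer so malformed names never reach the tool at all.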
Recommendation
Update the devcert-sanscache package to the latest compatible version. Version details:
- Affected version(s): < 0.4.7
- Patched version(s): 0.4.7
References
Related Issues
- Injection and Command Injection in devcert - CVE-2020-8186
- Pedroetb TTS-API OS Command Injection - CVE-2019-25158
- Command Injection in ungit - CVE-2022-25766
- react-dev-utils OS Command Injection in function `getProcessForPort` - CVE-2021-24033
Tags: npm, devcert-sanscache
Last updated on January 09, 2023