Description
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization.
Recommendation
Update the devcert-sanscache package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.4.7
- Patched version(s): 0.4.7
References
Related Issues
- rollbar vulnerable to prototype pollution - CVE-2025-57325
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- devalue prototype pollution vulnerability - CVE-2025-57820
- js-toml Prototype Pollution Vulnerability - CVE-2025-54803
- Tags:
- npm
- devcert-sanscache
Anything's wrong? Let us know Last updated on January 09, 2023