devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName
controlled by user input is used as part of the exec
function without any sanitization.
CPE | Name | Operator | Version |
---|---|---|---|
devcert-sanscache | lt | 0.4.7 |