13 matches found
EUVD-2021-0927
Malware in sbrugna...
EUVD-2022-6038
Malicious code in bioql PyPI...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
GHSA-FP36-299X-PWMW Regular expression denial of service in devcert
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
Regular expression denial of service in devcert
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
Design/Logic Flaw
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2022-1929
CVE-2022-1929 affects the npm package devcert. Affected component: the certificateFor function and the underlying regex patterns for VALID_IP/VALID_DOMAIN, leading to an exponential ReDoS (Denial of Service) when attacker-controlled input is provided. Public sources describe a denial of service a...
GHSA-4228-7QVX-F4RQ Injection and Command Injection in devcert
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
Injection and Command Injection in devcert
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
CVE-2020-8186
CVE-2020-8186 affects the npm package devcert. The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...