EUVD-2021-0927

Malware in sbrugna...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

GHSA-4228-7QVX-F4RQ Injection and Command Injection in devcert

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

Injection and Command Injection in devcert

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

CVE-2020-8186

CVE-2020-8186 affects the npm package devcert . The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...