6 matches found
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
CVE-2019-10778 affects devcert-sanscache prior to 0.4.7. The vulnerability allows a remote attacker to execute arbitrary code or perform command injection because the user-controlled commonName is used inside an exec call without sanitization. Impact is described as remote code execution with pot...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...