3 matches found
Injection and Command Injection in devcert
Overview A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function. Recommendation Upgrade to version 1.1.2 or later References - CVE - GitHub Advisory...
devcert Module Command Injection (CVE-2020-8186)
A command injection vulnerability exists in devcert module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-8186
CVE-2020-8186 affects the npm package devcert . The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...