
34 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-0927

Malware in sbrugna...

9.8 CVSS · 9.3 AI score · 0.01493 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-0364

Malware in sbrugna...

9.8 CVSS · 9.3 AI score · 0.01921 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-6038

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.0018 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/22 4:50 p.m. · 2 views

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

9.8 CVSS · 8.2 AI score · 0.01493 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 6:16 a.m. · 6 views

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...

9.8 CVSS · 8.3 AI score · 0.01921 EPSS
Exploits 0 · References 1
Veracode
added 2022/06/03 4:58 a.m. · 22 views

Regular Expression Denial Of Service (ReDoS)

devcert is vulnerable to regular expression denial of service. An attacker can crash the application by providing a malicious input to the certificateFor function of index.ts due to the insecure regex pattern used for VALIDIP and VALIDDOMAIN parameters...

7.5 CVSS · 7.2 AI score · 0.0018 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/06/03 12:1 a.m. · 0 views

GHSA-FP36-299X-PWMW Regular expression denial of service in devcert

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5 CVSS · 6 AI score · 0.0018 EPSS
Exploits 1 · References 4
vulnersOsv
added 2022/06/03 12:1 a.m. · 2 views

@ampersandhq/disable-proxy-ssl-verification (=0.0.1), @deg-skeletor/plugin-express (>=1.4.0 <=1.4.8) +22 more potentially affected by CVE-2022-1929 via devcert (>=0.3.2 <=1.2.0)

devcert NPM version =0.3.2, =1.4.0, =1.0.0, =0.0.1, =1.0.0, =13.3.0, =0.0.18, =0.0.1, =1.0.0, =2.0.0, =2.0.0-rc.3, =14.5.1-alpha4 and more Source cves: CVE-2022-1929 Source advisory: OSV:GHSA-FP36-299X-PWMW...

7.5 CVSS · 7.1 AI score · 0.0018 EPSS
Exploits 1
Github Security Blog
added 2022/06/03 12:1 a.m. · 45 views

Regular expression denial of service in devcert

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5 CVSS · 4.3 AI score · 0.0018 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/06/02 2:15 p.m. · 1 views

CVE-2022-1929

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5 CVSS · 5.9 AI score · 0.0018 EPSS
Exploits 1 · References 1
Prion
added 2022/06/02 2:15 p.m. · 13 views

Design/Logic Flaw

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

5 CVSS · 7.5 AI score · 0.0018 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2022/06/02 12:0 a.m. · 1 views

Devcert security vulnerability

Devcert is a package for SSL development from npm, Inc. A denial of service vulnerability exists in versions prior to Devcert 1.2.1, which stems from triggering an exponential ReDoS regular expression denial of service in the Devcert package. An attacker could exploit this vulnerability to cause ...

7.5 CVSS · 5.7 AI score · 0.0018 EPSS
Exploits 1 · References 2
CVE
added 2022/06/01 4:47 p.m. · 62 views

CVE-2022-1929

CVE-2022-1929 affects the npm package devcert. Affected component: the certificateFor function and the underlying regex patterns for VALID_IP/VALID_DOMAIN, leading to an exponential ReDoS (Denial of Service) when attacker-controlled input is provided. Public sources describe a denial of service a...

7.5 CVSS · 6.5 AI score · 0.0018 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/06/01 4:47 p.m. · 12 views

CVE-2022-1929 Exponential ReDoS in devcert

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

5.9 CVSS · 7.7 AI score · 0.0018 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/06/01 12:0 a.m. · 2 views

PT-2022-14197 · Devcert · Devcert

Name of the Vulnerable Software and Affected Versions: devcert (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered when an attacker supplies arbitrary input to the certificateFor method...

7.5 CVSS · 7.3 AI score · 0.0018 EPSS
Exploits 1 · References 5
Node.js
added 2021/05/18 1:43 a.m. · 59 views

Injection and Command Injection in devcert

Overview: A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function. Recommendation: Upgrade to version 1.1.2 or later. References: CVE, GitHub Advisory...

7.5 CVSS · 5.3 AI score · 0.01493 EPSS
Exploits 1 · Affected Software 1
OSV
added 2021/05/18 1:41 a.m. · 0 views

GHSA-4228-7QVX-F4RQ Injection and Command Injection in devcert

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

9.8 CVSS · 6.5 AI score · 0.01493 EPSS
Exploits 1 · References 2
Github Security Blog
added 2021/05/18 1:41 a.m. · 55 views

Injection and Command Injection in devcert

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

9.8 CVSS · 9.9 AI score · 0.01493 EPSS
Exploits 1 · References 3 · Affected Software 1
Check Point Advisories
added 2020/08/12 12:0 a.m. · 1 views

devcert Module Command Injection (CVE-2020-8186)

A command injection vulnerability exists in devcert module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS · 6 AI score · 0.01493 EPSS
Exploits 1
NVD
added 2020/07/10 4:15 p.m. · 6 views

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

9.8 CVSS · 0.01493 EPSS
Exploits 1 · References 1