EUVD-2021-0927

Malware in sbrugna...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

devcert Module Command Injection (CVE-2020-8186)

A command injection vulnerability exists in devcert module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

CVE-2020-8186

CVE-2020-8186 affects the npm package devcert . The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...

CVE-2020-8186

A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...

Node.js third-party modules: [devcert] Command Injection via insecure command formatting

I would like to report a Command Injection issue in the devcert module. It allows to execute arbitrary commands on the victim's PC. Module module name: devcert version: 1.1.0 npm page: https://www.npmjs.com/package/devcert Module Description devcert - Development SSL made easy Module Stats 276,46...