35 matches found
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
CVE-2020-8186
CVE-2020-8186 affects the npm package devcert . The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...
CVE-2020-8186
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function...
OS Command Injection
devcert is vulnerable to remote code execution RCE. It is possible because it does not validate the user-provided string-concatenated input to the run command in utils.js, which is subsequently passed to execSync, leading to execution of malicious commands...
Node.js third-party modules: [devcert] Command Injection via insecure command formatting
I would like to report a Command Injection issue in the devcert module. It allows to execute arbitrary commands on the victim's PC. Module module name: devcert version: 1.1.0 npm page: https://www.npmjs.com/package/devcert Module Description devcert - Development SSL made easy Module Stats 276,46...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...
OS Command Injection in devcert-sanscache
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
GHSA-4GP3-P7PH-X2JR OS Command Injection in devcert-sanscache
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10778
CVE-2019-10778 affects devcert-sanscache prior to 0.4.7. The vulnerability allows a remote attacker to execute arbitrary code or perform command injection because the user-controlled commonName is used inside an exec call without sanitization. Impact is described as remote code execution with pot...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...
Command Injection
Overview devcert-sanscache is a package that can be used to generate trusted local SSL/TLS certificates for local SSL development. Affected versions of this package are vulnerable to Command Injection. The variable commonName controlled by user input is used as part of the exec function without a...