Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
Devcert ProjectDevcert

2 matches found

CVE
CVEadded 2022/06/01 4:47 p.m.64 views

CVE-2022-1929

CVE-2022-1929 affects the npm package devcert. Affected component: the certificateFor function and the underlying regex patterns for VALID_IP/VALID_DOMAIN, leading to an exponential ReDoS (Denial of Service) when attacker-controlled input is provided. Public sources describe a denial of service a...

7.5CVSS6.5AI score0.0018EPSS
CVE
CVEadded 2020/07/10 3:37 p.m.47 views

CVE-2020-8186

CVE-2020-8186 affects the npm package devcert . The vulnerability stems from building a shell command using user-supplied input inside certificateFor, which constructs a path-key and passes it to an OpenSSL command. An attacker can supply input such as a crafted domain (e.g., '";touch HACKED;"') ...

9.8CVSS9.8AI score0.01493EPSS