es128 ssl-utils is vulnerable to os command injection. The vulnerability exists in createCertRequest()
and createCert()
functions in generate.js
because the user inputs are not properly sanitized which allows an attacker to inject and execute arbitrary commands.