Description
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926
Related Vulnerabilities
CVE-2020-7795 Vulnerability in npm package get-npm-package-version
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.13
CVE-2022-0122 Vulnerability in npm package node-forge
CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-controller