Description
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
Remediation
References
https://hackerone.com/reports/863544
Related Vulnerabilities
CVE-2021-23380 Vulnerability in npm package roar-pidusage
CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher
CVE-2022-29247 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-21179 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-41828 Vulnerability in maven package com.amazon.redshift:redshift-jdbc42