Description
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926
Related Vulnerabilities
CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar
CVE-2020-7614 Vulnerability in npm package npm-programmatic
CVE-2020-14966 Vulnerability in maven package org.webjars.bower:jsrsasign
CVE-2018-1999004 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-23346 Vulnerability in npm package html-parse-stringify