Description
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
Remediation
References
https://hackerone.com/reports/863544
Related Vulnerabilities
CVE-2021-42227 Vulnerability in npm package kindeditor
CVE-2020-28459 Vulnerability in npm package markdown-it-decorate
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2023-26122 Vulnerability in npm package safe-eval
CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner