devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a command injection via the exec function. The variable commonName, which is controlled by user input, is used as part of the exec function call without any sanitization.
[
  {
    "product": "devcert-sanscache",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 0.4.7"
      }
    ]
  }
]