An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor...
7.5CVSS
7.4AI Score
0.001EPSS
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor...
9.8CVSS
9.8AI Score
0.003EPSS
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any...
9.8CVSS
9.8AI Score
0.004EPSS