devcert-sanscache is vulnerable to OS command injection. The commonName
parameter used to generate a developer SSL certificate is not validated and sanitized, allowing for command injection as the value is subsequently passed into an exec
function.
CPE | Name | Operator | Version |
---|---|---|---|
devcert-sanscache | le | 0.4.6 |