devcert@1.0.2

Vulnerabilities

1 via 1 paths

Dependencies

59

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Command Injection

  • Vulnerable module: devcert
  • Introduced through: devcert@1.0.2

Detailed paths

  • Introduced through: devcert@1.0.2
    Remediation: Upgrade to devcert@1.1.1.

Overview

devcert is a Generate trusted local SSL/TLS certificates for local SSL development

Affected versions of this package are vulnerable to Command Injection. The function run used execSync without proper sanitization.

Remediation

Upgrade devcert to version 1.1.1 or higher.

References