CVE-2019-10778
Description
A command injection vulnerability in devcert-sanscache before 0.4.7 allows attackers to execute arbitrary commands via the unsanitized commonName parameter passed to exec().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
devcert-sanscache before version 0.4.7 is vulnerable to command injection. The root cause is that the commonName value, which is controlled by the caller's input, is interpolated unsanitized into an exec() call. The official CVE description confirms that exec() receives this user-supplied value without any sanitization or escaping [1].
Exploitation Details
An attacker can exploit this vulnerability by supplying a specially crafted commonName string containing shell metacharacters. A proof-of-concept provided by JHU System Security Lab demonstrates the attack: using a value like "&touch Song&" leads to arbitrary command execution during certificate generation [2]. The attack does not require authentication, as the vulnerable function is typically called with attacker-controllable input.
Impact
Successful exploitation allows a remote attacker to execute arbitrary commands on the system running devcert-sanscache. This can lead to full compromise of the host, including data exfiltration, installation of malware, or further lateral movement within the environment [2].
Mitigation
The vulnerability is fixed in version 0.4.7 of devcert-sanscache. The fix adds stricter validation of the commonName input, restricting allowed characters to alphanumeric and period characters, through the regex check introduced in the commit: `if (!commonName.match(/^(a-zA-Z0-9|\.){1,64}$/))` [3]. Users should upgrade to version 0.4.7 or later immediately. No workaround is available; the package maintainers have addressed the issue through this input sanitization.
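The allow-list approach described above, as an added example that is not devcert-sanscache's own code: a validator for the commonName argument that realises the stated intent (alphanumerics and periods), placed beside the pattern exactly as quoted on this page so the two can be compared on the same inputs. The hyphen in the allow-list, the helper names and the sample inputs are assumptions of this example.

```javascript
// Added example, not devcert-sanscache's own code.

// The replacement pattern exactly as quoted from the fix commit on this page.
// In a JavaScript regex, (a-zA-Z0-9|\.) is an alternation between the literal
// nine-character text "a-zA-Z0-9" and a period, not a character class, so it
// does not express "any alphanumeric or dot".
const QUOTED_FIX_PATTERN = /^(a-zA-Z0-9|\.){1,64}$/;

// A character class that does express that intent. The hyphen is an added
// assumption: ordinary dev hostnames such as "my-app.local" need it.
const COMMON_NAME_PATTERN = /^[a-zA-Z0-9.-]{1,64}$/;

// Returns true only when commonName is a string made entirely of allow-listed
// characters; shell metacharacters such as & ; | $ and backtick never pass.
function isValidCommonName(commonName, pattern = COMMON_NAME_PATTERN) {
  return typeof commonName === 'string' && pattern.test(commonName);
}

// Builds the subject argument vector for the validated name. Handing an argv
// array to child_process.execFile (rather than a command string to exec) means
// the value is never interpreted by a shell, a second layer of defence that is
// independent of the allow-list.
function buildOpensslArgs(commonName) {
  if (!isValidCommonName(commonName)) {
    throw new Error('Invalid Common Name.'); // do not echo untrusted input
  }
  return ['req', '-new', '-subj', `/CN=${commonName}`];
}

// Constructed inputs: a normal dev hostname and the PoC string cited above.
const SAMPLE_GOOD = 'my-app.local';
const SAMPLE_POC = '&touch Song&';

console.log(isValidCommonName(SAMPLE_GOOD));                     // true
console.log(isValidCommonName(SAMPLE_POC));                      // false
console.log(isValidCommonName(SAMPLE_GOOD, QUOTED_FIX_PATTERN)); // false
console.log(buildOpensslArgs(SAMPLE_GOOD).join(' '));
```

The third line of output shows that the pattern as quoted rejects an ordinary hostname, which is worth checking against the actual source of any release before relying on the regex alone.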
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| devcert-sanscache (npm) | < 0.4.7 | 0.4.7 |
Affected products
- devcert-sanscache/devcert-sanscache
Patches
571f4e6d077f: common name sanitization
1 file changed · +1 −1
src/index.ts+1 −1 modified@@ -6,7 +6,7 @@ import fs = require('fs'); export default async function generateDevCert (commonName: string) { if (!commandExists.sync('openssl')) throw new Error('Unable to find openssl - make sure it is installed and available in your PATH'); - if (!commonName.match(/^(.|\.){1,64}$/)) + if (!commonName.match(/^(a-zA-Z0-9|\.){1,64}$/)) throw new Error(`Invalid Common Name ${commonName}.`); try { const opensslConfPath = generateOpensslConf(commonName);
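Review bot: the replacement pattern `/^(a-zA-Z0-9|\.){1,64}$/` in src/index.ts uses a parenthesised group where a character class is needed, so `(a-zA-Z0-9|\.)` alternates between the literal nine-character text "a-zA-Z0-9" and a period instead of matching any alphanumeric or dot; as written it rejects ordinary names such as `localhost`, while the intent stated in the commit message ("common name sanitization") calls for something like `/^[a-zA-Z0-9.]{1,64}$/`. The removed pattern `(.|\.)` matched any character, which is why the old check gave no protection, and the new check should come with a test that passes a plain hostname and a string containing shell metacharacters so both the accept and the reject paths are exercised. Also note that the thrown error interpolates the untrusted `${commonName}` into its message.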
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-4gp3-p7ph-x2jr (GHSA, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-10778 (GHSA, ADVISORY)
- github.com/guybedford/devcert/commit/571f4e6d077f7f21c6aed655ae380d85a7a5d3b8 (GHSA, WEB)
- snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926 (GHSA, x_refsource_CONFIRM, WEB)