npm package
devcert
pkg:npm/devcert
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1929 | — | < 1.2.1 | 1.2.1 | Jun 1, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | ||
| CVE-2020-8186 | — | < 1.1.2 | 1.1.2 | Jul 10, 2020 | A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. |
- CVE-2022-1929Jun 1, 2022affected < 1.2.1fixed 1.2.1
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
- CVE-2020-8186Jul 10, 2020affected < 1.1.2fixed 1.1.2
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.