Search criteria
6 vulnerabilities found for devcert by devcert_project
FKIE_CVE-2022-1929
Vulnerability from fkie_nvd - Published: 2022-06-02 14:15 - Updated: 2024-11-21 06:41
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
References
| URL | Tags | ||
|---|---|---|---|
| reefs@jfrog.com | https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| devcert_project | devcert | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devcert_project:devcert:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FA7056A1-A863-41F6-9158-9002BB77DBDF",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
},
{
"lang": "es",
"value": "Un ReDoS exponencial (Denegaci\u00f3n de Servicio de Expresi\u00f3n Regular) puede ser desencadenado en el paquete npm devcert, cuando un atacante es capaz de suministrar una entrada arbitraria al m\u00e9todo certificateFor"
}
],
"id": "CVE-2022-1929",
"lastModified": "2024-11-21T06:41:46.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:15:33.973",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8186
Vulnerability from fkie_nvd - Published: 2020-07-10 16:15 - Updated: 2024-11-21 05:38
Severity
Summary
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/863544 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/863544 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| devcert_project | devcert | 1.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devcert_project:devcert:1.1.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B08C9081-C0E6-4AD3-8280-1815CB341950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comando en el m\u00f3dulo \"devcert\", puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota cuando usuarios del m\u00f3dulo pasan una entrada no confiable hacia la funci\u00f3n \"certificateFor\""
}
],
"id": "CVE-2020-8186",
"lastModified": "2024-11-21T05:38:27.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-10T16:15:11.843",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/863544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/863544"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-1929 (GCVE-0-2022-1929)
Vulnerability from cvelistv5 – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
VLAI
Title
Exponential ReDoS in devcert
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Severity
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://research.jfrog.com/vulnerabilities/devcer… | x_refsource_MISC |
Impacted products
Date Public
2022-05-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "devcert",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"datePublic": "2022-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T16:47:58.000Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Exponential ReDoS in devcert",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@jfrog.com",
"DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
"ID": "CVE-2022-1929",
"STATE": "PUBLIC",
"TITLE": "Exponential ReDoS in devcert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "devcert"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
"refsource": "MISC",
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2022-1929",
"datePublished": "2022-06-01T16:47:58.826Z",
"dateReserved": "2022-05-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:15.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8186 (GCVE-0-2020-8186)
Vulnerability from cvelistv5 – Published: 2020-07-10 15:37 – Updated: 2024-08-04 09:56
VLAI
Summary
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
Severity
No CVSS data available.
CWE
- CWE-77 - Command Injection - Generic (CWE-77)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/863544 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/863544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Version: 1.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection - Generic (CWE-77)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T15:37:18.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/863544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"version_value": "Fixed Version: 1.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection - Generic (CWE-77)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/863544",
"refsource": "MISC",
"url": "https://hackerone.com/reports/863544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8186",
"datePublished": "2020-07-10T15:37:18.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1929 (GCVE-0-2022-1929)
Vulnerability from nvd – Published: 2022-06-01 16:47 – Updated: 2024-09-16 23:11
VLAI
Title
Exponential ReDoS in devcert
Summary
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
Severity
5.9 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://research.jfrog.com/vulnerabilities/devcer… | x_refsource_MISC |
Impacted products
Date Public
2022-05-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "devcert",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"datePublic": "2022-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T16:47:58.000Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Exponential ReDoS in devcert",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@jfrog.com",
"DATE_PUBLIC": "2022-05-29T23:05:00.000Z",
"ID": "CVE-2022-1929",
"STATE": "PUBLIC",
"TITLE": "Exponential ReDoS in devcert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "devcert"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Denys Vozniuk from JFrog Security Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/",
"refsource": "MISC",
"url": "https://research.jfrog.com/vulnerabilities/devcert-redos-xray-211352/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2022-1929",
"datePublished": "2022-06-01T16:47:58.826Z",
"dateReserved": "2022-05-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:15.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8186 (GCVE-0-2020-8186)
Vulnerability from nvd – Published: 2020-07-10 15:37 – Updated: 2024-08-04 09:56
VLAI
Summary
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.
Severity
No CVSS data available.
CWE
- CWE-77 - Command Injection - Generic (CWE-77)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/863544 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/863544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Version: 1.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection - Generic (CWE-77)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T15:37:18.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/863544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert",
"version": {
"version_data": [
{
"version_value": "Fixed Version: 1.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection - Generic (CWE-77)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/863544",
"refsource": "MISC",
"url": "https://hackerone.com/reports/863544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8186",
"datePublished": "2020-07-10T15:37:18.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}