Search criteria
3 vulnerabilities found for devcert-sanscache by devcert-sanscache_project
FKIE_CVE-2019-10778
Vulnerability from fkie_nvd - Published: 2020-01-08 16:15 - Updated: 2024-11-21 04:19
Severity ?
Summary
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| devcert-sanscache_project | devcert-sanscache | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F77C3D-6D01-41C0-B850-F5B55906A239",
"versionEndExcluding": "0.4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization."
},
{
"lang": "es",
"value": "devcert-sanscache versiones anteriores a la versi\u00f3n 0.4.7, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una Inyecci\u00f3n de Comando por medio de la funci\u00f3n exec. La variable \"commonName\" controlada por la entrada del usuario es usada como parte de la funci\u00f3n \"exec\" sin ning\u00fan tipo de saneamiento."
}
],
"id": "CVE-2019-10778",
"lastModified": "2024-11-21T04:19:54.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T16:15:10.797",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-10778 (GCVE-0-2019-10778)
Vulnerability from cvelistv5 – Published: 2020-01-08 15:03 – Updated: 2024-08-04 22:32
VLAI?
Summary
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | devcert-sanscache |
Affected:
All versions prior to version 0.4.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert-sanscache",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 0.4.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T15:03:24",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2019-10778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert-sanscache",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 0.4.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926",
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2019-10778",
"datePublished": "2020-01-08T15:03:24",
"dateReserved": "2019-04-03T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10778 (GCVE-0-2019-10778)
Vulnerability from nvd – Published: 2020-01-08 15:03 – Updated: 2024-08-04 22:32
VLAI?
Summary
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | devcert-sanscache |
Affected:
All versions prior to version 0.4.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "devcert-sanscache",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 0.4.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T15:03:24",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2019-10778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "devcert-sanscache",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 0.4.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926",
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2019-10778",
"datePublished": "2020-01-08T15:03:24",
"dateReserved": "2019-04-03T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}