Headline
CVE-2021-34080: Checkmarx Advisory
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
From time to time, our security researchers find zero-day vulnerabilities in open source projects. When this happens, we inform the relevant maintaners of the package and publish our findings here only after they’ve been remediated, or when a patch is available.
Related news
GHSA-552j-pv39-f3jf: OS Command injection in ssl-utils
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.