CVE-2021-34080

EPSS 14.7%

OS Command injection in ssl-utils

Published: 6/3/2022Modified: 11/8/2023

Description

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

Affected packages (1)

npm/ssl-utilsfrom 0, <= 1.0.0

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34080
PATCHhttps://github.com/es128/ssl-utils
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4782