CVE-2021-34080

EPSS 14.7%

OS Command injection in ssl-utils

發布日:2022/6/3修改日:2023/11/8

描述

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

受影響套件(1)

npm/ssl-utilsfrom 0, <= 1.0.0

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34080
PATCHhttps://github.com/es128/ssl-utils
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4782