CVE-2019-10778

Summary

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization.

Affected Software

VendorProductVersion RangeStatus
n/adevcert-sanscacheAll versions prior to version 0.4.7affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References