CVE-2021-34080
published 2022-06-02CVE-2021-34080: OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.21%
86.6th percentile
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ssl-utils_project | ssl-utils | <= 1.0.0 | — |
| ssl-utils_project | ssl-utils | 0 – 1.0.0 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OS Command injection in ssl-utils
ghsa·2022-06-03
CVE-2021-34080 [HIGH] CWE-78 OS Command injection in ssl-utils
OS Command injection in ssl-utils
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
OSV
OS Command injection in ssl-utils
osv·2022-06-03
CVE-2021-34080 [HIGH] OS Command injection in ssl-utils
OS Command injection in ssl-utils
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-02
Published