What the vulnerability does

01Description

A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.

Key dates

02Disclosure timeline

July 10, 2020 CVE published
August 4, 2024 Record updated