CVE-2021-34080: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

June 3, 2022

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

References

advisory.checkmarx.net/advisory/CX-2021-4782
github.com/advisories/GHSA-552j-pv39-f3jf
nvd.nist.gov/vuln/detail/CVE-2021-34080

Code Behaviors & Features

Detect and mitigate CVE-2021-34080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →