WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39

mend-bolt-for-github · 2019-03-28T13:06:10Z

WS-2018-0107 - High Severity Vulnerability

Vulnerable Library - open-0.0.5.tgz

open a file or url in the user's preferred application

path: /tmp/git/webvr-starter-kit/node_modules/open/package.json

Library home page: http://registry.npmjs.org/open/-/open-0.0.5.tgz

Dependency Hierarchy:

webpack-dev-server-1.16.5.tgz (Root Library)
- ❌ open-0.0.5.tgz (Vulnerable Library)

Vulnerability Details

All versions of open are vulnerable to command injection when unsanitized user input is passed in.

Publish Date: 2018-05-16

URL: WS-2018-0107

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/663

Release Date: 2018-05-16

Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39

WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39

mend-bolt-for-github bot commented Mar 28, 2019

WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39

WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39

Comments

mend-bolt-for-github bot commented Mar 28, 2019

WS-2018-0107 - High Severity Vulnerability