fabiospampinato / vscode-open-in-application

Open an arbitrary file in its default app, or the app you want.
MIT License
19 stars 0 forks

Security Vulnerability Concern in open@0.0.5 #21

Closed Bruswei closed 3 months ago

Bruswei commented 7 months ago

Hello,

I hope this message finds you well. I am reaching out to address a significant security concern within the Visual Studio Code extension, specifically related to one of its dependencies.

Upon review, I have identified a critical vulnerability associated with the open package, version 0.0.5, which is currently being used in this extension. The vulnerability details are as follows:

Issue: Arbitrary Code Injection
Severity: Critical Severity
Vulnerability Link: [SNYK-JS-OPEN-174041](https://security.snyk.io/vuln/SNYK-JS-OPEN-174041)
Introduced By: open@0.0.5

Are there any plans to update the open dependency to a more secure version to address this vulnerability?

Looking forward to your response and any guidance you can provide on how best to proceed with resolving this issue.

Thank you for your time and attention to this matter.

fabiospampinato commented 3 months ago

v2 uses open@8.4.2, so this is no longer a concern I guess.
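
One way to confirm which copies of `open` a lockfile actually resolves, including transitive ones, is sketched below. This is an added example, not part of the thread or the extension's code. The `8.4.2` floor is simply the version the maintainer names above, used here as an assumed threshold rather than the advisory's stated fix version; the sample lockfile and the `legacy-helper` package are constructed for illustration.

```javascript
// Added example: list every resolved copy of a package in a package-lock.json
// and flag copies older than a chosen minimum version.

function parseVersion(v) {
  // Numeric major.minor.patch core only; pre-release tags are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isOlder(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable versions are flagged for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function findCopies(lock, name) {
  const found = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      found.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return found;
}

function audit(lock, name, minimum) {
  return findCopies(lock, name).map(c => ({ ...c, flagged: isOlder(c.version, minimum) }));
}

// Constructed sample: a top-level open@8.4.2 plus a nested open@0.0.5
// pulled in by a hypothetical dependency.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'sample-extension', version: '2.0.0' },
  'node_modules/open': { version: '8.4.2' },
  'node_modules/legacy-helper': { version: '1.0.0' },
  'node_modules/legacy-helper/node_modules/open': { version: '0.0.5' },
} };

console.log(audit(sampleLock, 'open', '8.4.2'));
```

For a real project, pass the parsed contents of its `package-lock.json` to `audit` in place of `sampleLock`.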