mend-for-github-com[bot]
commented
4 hours ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #74
Closed mend-for-github-com[bot] closed 4 hours ago
mend-for-github-com[bot]
commented
4 hours ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #74
mend-for-github-com[bot]
commented
4 hours ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #74
Launch latest Chrome with the Devtools Protocol port open
Library home page: https://registry.npmjs.org/chrome-launcher/-/chrome-launcher-0.10.5.tgz
Found in HEAD commit: e860641c6c1a3b39daa0fa29dbca45ac5104d93d
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-7645
### Vulnerable Library - chrome-launcher-0.10.5.tgzLaunch latest Chrome with the Devtools Protocol port open
Library home page: https://registry.npmjs.org/chrome-launcher/-/chrome-launcher-0.10.5.tgz
Dependency Hierarchy: - :x: **chrome-launcher-0.10.5.tgz** (Vulnerable Library)
Found in HEAD commit: e860641c6c1a3b39daa0fa29dbca45ac5104d93d
Found in base branch: main
### Vulnerability DetailsAll versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
Publish Date: 2020-05-02
URL: CVE-2020-7645
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-7645
Release Date: 2020-05-02
Fix Resolution: 0.13.2