Open mend-bolt-for-github[bot] opened 5 years ago
open a file or url in the user's preferred application
path: /tmp/git/URL-Shortener-Microservice/node_modules/open/package.json
Library home page: http://registry.npmjs.org/open/-/open-0.0.5.tgz
All versions of open are vulnerable to command injection when unsanitized user input is passed in.
Publish Date: 2018-05-16
URL: WS-2018-0107
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/663
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Step up your Open Source Security Game with WhiteSource here
WS-2018-0107 - High Severity Vulnerability
open a file or url in the user's preferred application
path: /tmp/git/URL-Shortener-Microservice/node_modules/open/package.json
Library home page: http://registry.npmjs.org/open/-/open-0.0.5.tgz
Dependency Hierarchy: - reload-2.2.2.tgz (Root Library) - :x: **open-0.0.5.tgz** (Vulnerable Library)All versions of open are vulnerable to command injection when unsanitized user input is passed in.
Publish Date: 2018-05-16
URL: WS-2018-0107
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/663
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Step up your Open Source Security Game with WhiteSource here