WS-2018-0107 High Severity Vulnerability detected by WhiteSource #39
Description
WS-2018-0107 - High Severity Vulnerability
Vulnerable Library - open-0.0.5.tgz
open a file or url in the user's preferred application
path: /tmp/git/webvr-starter-kit/node_modules/open/package.json
Library home page: http://registry.npmjs.org/open/-/open-0.0.5.tgz
Dependency Hierarchy:
- webpack-dev-server-1.16.5.tgz (Root Library)
- ❌ open-0.0.5.tgz (Vulnerable Library)
Vulnerability Details
All versions of open are vulnerable to command injection when unsanitized user input is passed in.
Publish Date: 2018-05-16
URL: WS-2018-0107
CVSS 2 Score Details (10.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/663
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Step up your Open Source Security Game with WhiteSource here