Name of the Vulnerable Software and Affected Versions open versions prior to 6.0.0

Description The issue arises from command injection when unsanitized user input is passed to the open function. The package's documentation warns that the same caution should be taken as with child process.exec since executables will run in a new shell.

Recommendations For versions prior to 6.0.0, upgrading to the latest version of the package, now known as opn, will prevent this issue, although it may introduce API changes.