
Fábio Freitas

Researcher from Checkmarx's CxSCA group
#14864 of 53,635
18.1 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2021-18165
10
2021-05-24
Unknown · @Ronomon/Opened · CVE-2021-29300
**Name of the Vulnerable Software and Affected Versions** @ronomon/opened versions prior to 1.5.2 **Description** The issue allows a remote attacker to execute commands on the system if the library is used with untrusted input. This is a command injection vulnerability. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing all input to prevent command injection attacks. Restrict access to the library when handling untrusted input to minimize the risk of exploitation.
PT-2020-20300
8.1
2020-09-14
Dataiku · Dataiku Dss · CVE-2020-8817
**Name of the Vulnerable Software and Affected Versions** Dataiku DSS versions prior to 6.0.5 **Description** The issue allows attackers to gain write access to a project, enabling them to modify the `Created by` metadata. **Recommendations** For versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.