PT-2019-19991 · Open · Open
Published
2019-06-20
·
Updated
2019-06-20
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
open versions prior to 6.0.0
Description
The issue arises from command injection when unsanitized user input is passed to the
open function. The package's documentation warns that the same caution should be taken as with child process.exec since executables will run in a new shell.Recommendations
For versions prior to 6.0.0, upgrading to the latest version of the package, now known as
opn, will prevent this issue, although it may introduce API changes.Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open