PT-2021-2030 · Xopen · Xopen
Published: 2021-02-01 · Updated: 2022-08-01 · CVE-2020-28447
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: xopen, all versions
Description: The exported xopen(filepath) function is affected by an OS command injection vulnerability: special elements in the data used to build an operating system command are not neutralized before the command is executed. A remote attacker who can supply specially crafted data to this function may therefore execute arbitrary operating system commands. The injection point is at line 14 of index.js, inside the exported function xopen(filepath).
Recommendations: For all versions, consider disabling the xopen(filepath) function until a patch is available to prevent exploitation. Restrict access to the xopen package to minimize the risk of exploitation, and avoid using the xopen function in sensitive operations until the issue is resolved.

Weakness Enumeration: Command Injection; OS Command Injection
Related Identifiers: BDU:2021-00866; CVE-2020-28447; GHSA-74WF-CWJG-9CF2
Affected Products: Xopen