Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-28447 Vulnerability in npm package xopen

Description

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-XOPEN-1050981

Related Vulnerabilities

CVE-2013-7315 Vulnerability in maven package org.springframework:spring-web

CVE-2023-31716 Vulnerability in npm package @frangoteam/fuxa

CVE-2022-0341 Vulnerability in npm package vditor

CVE-2022-0654 Vulnerability in npm package requestretry

CVE-2019-19703 Vulnerability in maven package io.ktor:ktor-client-core

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory