Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-28447 Vulnerability in npm package xopen

Description

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)

Remediation

References

https://security.snyk.io/vuln/SNYK-JS-XOPEN-1050981

Related Vulnerabilities

CVE-2017-16143 Vulnerability in npm package commentapp.stetsonwood

CVE-2021-23371 Vulnerability in npm package chrono-node

CVE-2017-16109 Vulnerability in npm package easyquick

CVE-2020-8897 Vulnerability in maven package com.amazonaws:aws-encryption-sdk-java

CVE-2022-24891 Vulnerability in maven package org.owasp.esapi:esapi

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory