Critical Code Injection Vulnerability in xopen Package (All Versions)

Critical Code Injection Vulnerability in xopen Package (All Versions)

CVE-2020-28447 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)

Learn more about our Web Application Penetration Testing UK.