Top 5 New Open Source Vulnerabilities of January 2018

Top 5 New Open Source Vulnerabilities for January 2018

According to our database, January brought in some new and nasty open source vulnerabilities. Which ones hit us the hardest?


It seems like it was just yesterday that we emerged from our New Year’s vacations and sat back at our desks, coffee in hand, ready to take on whatever January may bring. But January has come and gone, leaving us with some doozies of newly published open source vulnerabilities aggregated by our loyal friend, the WhiteSource database.

Today, we’ll give you a rundown of the five most common new vulnerabilities in January. These are the known open source vulnerabilities published this month that our analysts found affected the most organizations this month.

Some of this month’s vulnerabilities were found in open source components that have been ruling the ecosystem for many years, and others are newer kids on the block. Either way, we’re here to help you make sure that your open source components are updated and vulnerability-free.

#1 Electron

Vulnerability score: High — 9.6


Versions: 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier

The Electron security vulnerability gets the notorious first place in our January list and was featured in major headlines last week, thanks to the many popular apps created using this open source framework.

Electron is a very popular node.js, V8, and Chromium open source framework that enables developers to create native applications using web technologies like JavaScript, HTML and CSS. It’s well-known users include organizations like Microsoft, Facebook, Slack, Docker, and WordPress, to name a few. Popular applications Skype, GitHub’s Atom Editor, and the Signal messaging app are built using the Electron framework, putting a lot of folks justifiably on edge.  

The critical vulnerability (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Blog – WhiteSource. Read the original post at: