Top 5 New Open Source Vulnerabilities in June 2018

Independence day weekend is upon us, and hopefully most of us are in the summer holiday mode: the sound of fireworks still ringing in our ears, hangovers ebbing and flowing, and tans stronger every day. As the U.S enjoys a well-deserved weekend off, celebrating independence, we continue to celebrate the independent and innovative spirit of the open source community. Who knew 20 years ago that open source components would become the building blocks of most software products?

In order to ensure that organizations can continue to harness the power of open source, our database continues to aggregate data about open source vulnerabilities and their fixes, so that you can ensure that the open source components that you are using are secure.

This is our list of June’s top 5 new known open source security vulnerabilities, collected by the WhiteSource database, which is updated continuously from the National Vulnerability Database (NVD), as well as multiple publicly available, peer-reviewed security advisories and issue trackers.

Download: The Complete Guide to Open Source Security

June’s top 5 list of vulnerable open source components has some old favorites that many of us are probably using. Some of them were published in the NVD, but three out of the five were made public in other security advisories that many developers are probably less familiar with.


#1 Apache Ant


Vulnerability Score: High — 8.5

Affected versions: prior to version 1.9.12

Apache Ant, the Java based build tool from one of the OGs of the free and open source community, was hit with an archive extraction vulnerability: an archive extraction issue that was disclosed this month and affects quite a few projects.

In the case of Ant, affected versions are vulnerable to a path traversal issue in archive extraction. This vulnerability (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: