Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48285PUBLISHED: 2023-01-29loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2023-0564PUBLISHED: 2023-01-29Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
CVE-2021-4315PUBLISHED: 2023-01-28
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has be...
CVE-2023-0562PUBLISHED: 2023-01-28
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched re...
CVE-2023-0563PUBLISHED: 2023-01-28
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the...
User Rank: Strategist
8/15/2018 | 2:41:39 PM
Singling this out as an open-source problem is insufficiently precise. The valid points made here have less to do with open source per se than they do with overall software supply chain.
Further, most closed-source projects are themselves built on top of many layers of open-source components - from Linux to Apache http to Cygwin to the broad spectrum of libraries. This is especially true for security appliances. With open source, you and others can at least verify that you're using current, patched versions of those components - and quickly upgrade them to respond to vulnerabilities, instead of waiting for your vendor's next quarterly/yearly patch/certification cycle.
As a FOSS advocate, it would have been more even-handed of you to have included points such as these as part of your analysis.