High level Arbitrary Command Injection vulnerability
Created by: micheleriso
Describe the bug
Last version of react-dev-utils requires the library open@6.4.0 that has an high level Arbitrary Command Injection vulnerability https://snyk.io/vuln/npm:open:20180512
Did you try recovering your dependencies?
Yes. I updated to latest versions
Which terms did you search for in User Guide?
Environment
Steps to reproduce
(Write your steps here:)
- Npm install react-scripts
- npm audit
Expected behavior
(Write what you thought would happen.)
Actual behavior
(Write what happened. Please add screenshots!)
Reproducible demo
(Paste the link to an example project and exact instructions to reproduce the issue.)