Top 5 New Open Source Security Vulnerabilities in October 2019

November is here, and those of us in the US know what that means: the carved pumpkins of Halloween will soon be replaced by pumpkin pies, and the ooky spooky haunted house decorations will make way for the arguably scarier tradition of Thanksgiving family gatherings. However, there’s one occurrence that we can all count on to send chills down our spines all year round, and that’s the discovery of new open source security vulnerabilities — which brings us to one of my favorite monthly traditions: our list of top 5 new open source vulnerabilities in October. 

WhiteSource’s trusted and hardworking Knowledge Team once again researched the WhiteSource database to put together a list of the top 5 new open source security vulnerabilities that we should all look out for. The WhiteSource database aggregates newly published open source security vulnerabilities from a variety of community resources, including the National Vulnerability Database (NVD), peer-reviewed security advisories, and issue trackers, to provide us with all of the data that we need in order to detect known open source vulnerabilities in our software projects. 

Some of October’s top 5 list of new open source vulnerabilities grabbed a few headlines, but whether they created media buzz or not, all five vulnerabilities are connected to popular open source projects that many of us in the software development ecosystem are using. 

So, here they are folks, October’s top 5 new open source security vulnerabilities, to help you make sure you get to them before the hackers do. 

#1 Kubernetes 


Vulnerability Score: High — 7.5

Affected versions: v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2

An improper input validation issue in vulnerable versions of the API server lets authorized users (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: