Lucene search
CVE-2018-1000006
🗓️ 24 Jan 2018 23:00:29Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 48 Views🌐 WEB
GitHub Electron protocol handler vulnerability in versions 1.8.2-beta.3 and earlier allows arbitrary command execution via crafted URL
Show more
| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
 | CVE-2018-1000006 | 24 Jan 201823:00 | – | cvelist |
| CVE-2018-1000118 | 7 Mar 201814:00 | – | cvelist |
 | Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug | 24 Jan 201819:16 | – | threatpost |
 | Remote Code Execution (RCE) | 26 Jan 201802:02 | – | veracode |
| Remote Code Execution (RCE) | 8 Mar 201809:54 | – | veracode |
 | Slack Technologies Slack URI Parsing Command Injection Remote Code Execution Vulnerability | 28 Mar 201800:00 | – | zdi |
| Microsoft Skype URL Command Injection Remote Code Execution Vulnerability | 18 Apr 201800:00 | – | zdi |
| Google Web Designer URI Parsing Command Injection Remote Code Execution Vulnerability | 6 Jun 201800:00 | – | zdi |
| Microsoft Teams URL Command Injection Remote Code Execution Vulnerability | 14 May 201800:00 | – | zdi |
 | Design/Logic Flaw | 24 Jan 201823:29 | – | prion |
10
Node
Node
AND
Node
AND
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| exodus://#{val}" --gpu-launcher="cmd.exe /k #{psh_escaped}" --#{val}= | path | / | Vulnerability in the ElectronJS Framework protocol handler can lead to arbitrary command execution when a specially crafted URL is clicked. | CWE-78 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo24 Jan 2018 23:29Current
8.7High risk
Vulners AI Score8.7
CVSS29.3
CVSS38.8
EPSS0.93156