CVE-2021-41392

2021-09-1721:24:02

mitre

www.cve.org

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.

References

github.com/BoostIO/BoostNote-App/issues/856