Lucene search

GitHub Advisory DatabaseGHSA-4W88-RJJ3-X7WP

HistoryJul 24, 2018 - 8:04 p.m.

Chromium Remote Code Execution in electron

2018-07-2420:04:23

CWE-94

GitHub Advisory Database

github.com

151

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.5%

JSON

Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled.

Recommendation

Update to electron version 1.7.8 or later.

Affected configurations

Vulners

Node

electronelectronRange1.7.0–1.7.8

electronelectronRange<1.6.14

VendorProductVersionCPE
electronelectron*cpe:2.3:a:electron:electron:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
electron	electron	*	cpe:2.3:a:electron:electron::::::::

References

electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

electronjs.org/blog/chromium-rce-vulnerability

github.com/advisories/GHSA-4w88-rjj3-x7wp

nvd.nist.gov/vuln/detail/CVE-2017-16151

www.npmjs.com/advisories/539

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.5%

JSON

Related for GHSA-4W88-RJJ3-X7WP