Lucene search

CVE-2018-1000136

🗓️ 23 Mar 2018 19:00:29Reported by [email protected]Type

Electron version 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 is vulnerable to remote code execution via Webview

Reporter	Title	Published	Views	Family All 10
OSV	Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration	26 Mar 201816:41	–	osv
OSV	CVE-2018-1000136	23 Mar 201819:29	–	osv
The Hacker News	Simple bug could lead to RCE flaw on apps built with Electron Framework	14 May 201809:46	–	thn
Talos Blog	in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal	10 Dec 201808:51	–	talosblog
RedhatCVE	CVE-2018-1000136	23 Mar 201821:48	–	redhatcve
Cvelist	CVE-2018-1000136	23 Mar 201819:00	–	cvelist
CVE	CVE-2018-1000136	23 Mar 201819:29	–	cve
Check Point Advisories	Electron NodeIntegration Remote Code Execution (CVE-2018-1000136)	15 May 201800:00	–	checkpoint_advisories
Prion	Input validation	23 Mar 201819:29	–	prion
Github Security Blog	Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration	26 Mar 201816:41	–	github

Nvd

Node

electronjs electronRange1.7.0–1.7.12

electronjs electronRange1.8.0–1.8.3

electronjs electronMatch2.0.0

electronjs electronMatch2.0.0beta1

electronjs electronMatch2.0.0beta2

electronjs electronMatch2.0.0beta3

electronjs electronMatch2.0.0beta4

Source	Link
electronjs	www.electronjs.org/blog/webview-fix
trustwave	www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Mar 2018 19:29Current

8.5High risk

Vulners AI Score8.5

CVSS26.8

CVSS38.1

EPSS0.00976

CWE-20