2 matches found
@ftnk/electron-prebuilt-compile (=1.7.3), @philipptrenz/photo-booth (>=1.0.1 <=1.0.6) +57 more potentially affected by CVE-2017-1000424 via electron (>=1.7.0 <=1.7.5)
electron NPM version =1.7.0, =1.0.1, =1.0.0, =1.0.1, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0cc6469e, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.ff386514 and more Source cves:...
CVE-2017-1000424
The CVE-2017-1000424 entry concerns GitHub Electron versions 1.6.4–1.6.11 and 1.7.0–1.7.5, which are vulnerable to a URL spoofing flaw when opening PDFs in PDFium. This can result in loading arbitrary PDFs controlled by an attacker. The root cause is described as a PDFium-related URL spoofing vul...