2 matches found
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +548 more potentially affected by CVE-2017-12581 via electron (>=0.1.2 <=1.6.7)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.0, =1.0.6, =4.0.23, =0.0.7, =0.0.73, =1.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2017-12581 Source advisory: OSV:GHSA-7FV9-M79R-J9X8...
CVE-2017-12581
CVE-2017-12581 affects GitHub Electron before 1.6.8, where a nodeIntegration bypass can bypass the Same Origin Policy and allow remote command execution. A privileged chrome-devtools:// URL could eval Node.js primitives (e.g., child_process.execFile), enabling OS commands on the user’s host. The ...