5 matches found
Electron NodeIntegration Remote Code Execution (CVE-2018-1000136)
A remote code execution vulnerability exists in Electron. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Simple bug could lead to RCE flaw on apps built with Electron Framework
A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop...
@quarks/bpmn-extension (=1.0.0), @quarks/contract-extension (>=1.0.0 <=1.0.6) +45 more potentially affected by CVE-2018-1000136 via electron (>=1.7.0 <=1.7.12)
electron NPM version =1.7.0, =1.0.0, =1.0.1, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0cc6469e, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0cc6469e,...
@felixrieseberg/electron-prebuilt-compile (>=2.0.0-beta.1 <=2.0.0-beta.4), electron-prebuilt-compile (>=2.0.0-beta.1 <=2.0.0-beta.4) potentially affected by CVE-2018-1000136 via electron (>=2.0.0-beta.1 <=2.0.0-beta.4)
electron NPM version =2.0.0-beta.1, =2.0.0-beta.1, =2.0.0-beta.1, =2.0.0-beta.4 Source cves: CVE-2018-1000136 Source advisory: OSV:GHSA-8XWG-WV7V-4VQP...
CVE-2018-1000136
CVE-2018-1000136 concerns the Electron framework where Webviews mishandle values, enabling potential remote code execution. Affected are Electron versions: 1.7.x up to 1.7.12, 1.8.x up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3. The issue appears when an application allows execution of third‑party co...