
24 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-2989

Malicious code in bioql PyPI...

CVSS 9.3, AI score 8.2, EPSS 0.02336
Exploits: 1, References: 5

Node.js
added 2018/11/07 10:7 p.m., 491 views

Remote Code Execution

Overview GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. More information to...

CVSS 6.8, AI score 2, EPSS 0.12681
Exploits: 4, Affected Software: 1

OSV
added 2018/08/23 5:29 a.m., 13 views

CVE-2018-15685

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVSS 8.1, AI score 8.4
Exploits: 0, References: 2

Prion
added 2018/08/23 5:29 a.m., 13 views

Remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVSS 6.8, AI score 8.2, EPSS 0.12681
Exploits: 4, References: 2, Affected Software: 1

NVD
added 2018/08/23 5:29 a.m., 8 views

CVE-2018-15685

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVSS 8.1, AI score 8.4, EPSS 0.12681
Exploits: 4, References: 2

Prion
added 2018/03/07 2:29 p.m., 18 views

Command injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVSS 9.3, AI score 9, EPSS 0.92322
Exploits: 31, References: 2, Affected Software: 1

CNVD
added 2018/01/25 12:0 a.m., 1 view

GitHub Electron Arbitrary Command Execution Vulnerability

GitHub Electron is an application development framework from the American company GitHub. The framework supports writing cross-platform desktop applications using JavaScript, HTML and CSS. A security vulnerability exists in the protocol handler in GitHub Electron versions 1.8.2-beta.3 and earlier...

CVSS 9.3, AI score 7.3, EPSS 0.92322
Exploits: 31, References: 1

NVD
added 2018/01/24 11:29 p.m., 9 views

CVE-2018-1000006

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user click...

CVSS 9.3, AI score 8.8, EPSS 0.92322
Exploits: 31, References: 6

OSV
added 2018/01/24 11:29 p.m., 6 views

CVE-2018-1000006

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user click...

CVSS 8.8, AI score 8.8
Exploits: 0, References: 6

Prion
added 2018/01/24 11:29 p.m., 12 views

Design/Logic Flaw

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user click...

CVSS 9.3, AI score 8.7, EPSS 0.92322
Exploits: 31, References: 6, Affected Software: 1

CVE
added 2018/01/24 11:0 p.m., 69 views

CVE-2018-1000006

The CVE-2018-1000006 entry concerns GitHub Electron. Affected Electron versions include 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier. The vulnerability lies in the protocol handler: Electron apps on Windows (10/7/2008) that register custom protocol handlers can be tricked ...

CVSS 9.3, AI score 8.7, EPSS 0.92322
Exploits: 31, References: 6, Affected Software: 1

Cvelist
added 2018/01/24 11:0 p.m., 15 views

CVE-2018-1000006

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user click...

AI score 8.8, EPSS 0.92322
Exploits: 31, References: 6

CNVD
added 2018/01/03 12:0 a.m., 3 views

Github Electron URL Spoofing Vulnerability

GitHub Electron is an application development framework from the American company GitHub. The framework supports writing cross-platform desktop applications using JavaScript, HTML and CSS. A security vulnerability exists in Github Electron versions 1.6.4 through 1.6.11 and 1.7.0 through 1.7.5. An...

CVSS 4.3, AI score 6.8, EPSS 0.00273
Exploits: 0, References: 1

NVD
added 2018/01/02 8:29 p.m., 9 views

CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control...

CVSS 4.3, AI score 4.7, EPSS 0.00273
Exploits: 0, References: 2

Prion
added 2018/01/02 8:29 p.m., 14 views

Command injection

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control...

CVSS 4.3, AI score 4.7, EPSS 0.00273
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2018/01/02 8:29 p.m., 10 views

CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control...

CVSS 4.3, AI score 5
Exploits: 0, References: 2

CVE
added 2018/01/02 8:0 p.m., 51 views

CVE-2017-1000424

The CVE-2017-1000424 entry concerns GitHub Electron versions 1.6.4–1.6.11 and 1.7.0–1.7.5, which are vulnerable to a URL spoofing flaw when opening PDFs in PDFium. This can result in loading arbitrary PDFs controlled by an attacker. The root cause is described as a PDFium-related URL spoofing vul...

CVSS 4.3, AI score 4.6, EPSS 0.00273
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/01/02 8:0 p.m., 10 views

CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control...

AI score 4.6, EPSS 0.00273
Exploits: 0, References: 2

Veracode
added 2017/09/21 8:52 p.m., 14 views

Remote Code Execution (RCE)

Electron.js is vulnerable to remote code execution RCE. Github Electron has nodeIntegration enabled by default allowing Javascript to access operating system primitives. This affects all applications that bundle Electron...

CVSS 8.1, AI score 8.5, EPSS 0.02336
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2017/08/07 12:0 a.m., 1 view

GitHub Electron nodeIntegration Bypass Vulnerability

GitHub Electron is an open source framework for building desktop applications using HTML, CSS and JavaScript. A bypass vulnerability exists in GitHub Electron nodeIntegration. Allows an attacker to perform remote command execution...

CVSS 9.3, AI score 8.4, EPSS 0.02336
Exploits: 1, References: 1