2 matches found
CVE-2014-9530
CVE-2014-9530 affects nw.js prior to 0.11.3. The vulnerability occurs when calling nw methods from normal frames; the description provides no explicit impact, only that the impact is unspecified. The entry includes CVSS scores (2.0: 7.5 - HIGH; 3.1: 9.8 - CRITICAL) indicating serious severity, wi...
CVE-2016-10588
CVE-2016-10588 affects the nw installer for nw.js. The install process downloads zipped resources over HTTP, enabling a network-positioned attacker to swap the requested zip with a malicious binary, potentially causing remote code execution on the user’s system. The issue is corroborated by multi...