Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1000136

Опубликовано: 23 мар. 2018
Источник: debian
EPSS Низкий

Описание

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
electronitppackage

EPSS

Процентиль: 81%
0.01559
Низкий

Связанные уязвимости

redhat логотип

CVE-2018-1000136

CVSS3: 8.1
redhat
почти 8 лет назад

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.

nvd логотип

CVE-2018-1000136

CVSS3: 8.1
nvd
почти 8 лет назад

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.

github логотип

GHSA-8xwg-wv7v-4vqp

CVSS3: 8.1
github
почти 8 лет назад

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

EPSS

Процентиль: 81%
0.01559
Низкий