Описание
Chromium Remote Code Execution in electron
Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled.
Recommendation
Update to electron version 1.7.8 or later.
Пакеты
Наименование
electron
npm
Затронутые версииВерсия исправления
< 1.6.14
1.6.14
Наименование
electron
npm
Затронутые версииВерсия исправления
>= 1.7.0, < 1.7.8
1.7.8
Связанные уязвимости
CVSS3: 9.8
nvd
больше 7 лет назад
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.