Описание
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-28134
- https://github.com/AkashRajpurohit/clipper/issues/13
- https://github.com/AkashRajpurohit/clipper/pull/14
- https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
- https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5
EPSS
Процентиль: 92%
0.08178
Низкий
CVE ID
Связанные уязвимости
CVSS3: 9.8
nvd
почти 5 лет назад
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
EPSS
Процентиль: 92%
0.08178
Низкий