CVE-2017-16151

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled.

Ссылки

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
Broken Link
https://nodesecurity.io/advisories/539
Third Party Advisory
https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
Broken Link
https://nodesecurity.io/advisories/539
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*

Версия до 1.7.8 (исключая)

EPSS

Процентиль: 86%

0.02704

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-4w88-rjj3-x7wp