Описание
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
Ссылки
- Third Party Advisory
- Broken Link
- Issue Tracking
- Third Party Advisory
- Broken Link
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.3 (включая)
cpe:2.3:a:td:advanced_dashboard:*:*:*:*:*:macos:*:*
EPSS
Процентиль: 17%
0.00053
Низкий
8.4 High
CVSS3
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 8.4
github
почти 2 года назад
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
EPSS
Процентиль: 17%
0.00053
Низкий
8.4 High
CVSS3
Дефекты
CWE-276