
CVE-2018-1000136

Published: 23 Mar 2018
Source: redhat
CVSS3: 8.1

Description

Electron versions 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 contain an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| JBoss Developer Studio 11 | Electron | Not affected | | |


Additional information

Status: Important
Defect: CWE-228
https://bugzilla.redhat.com/show_bug.cgi?id=1560094 (electron: Improper handling of values in Webviews)

8.1 High

CVSS3

Related vulnerabilities

CVSS3: 8.1
nvd
almost 8 years ago

Electron versions 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 contain an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.

CVSS3: 8.1
debian
almost 8 years ago

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0 ...

CVSS3: 8.1
github
almost 8 years ago

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
