Количество 3
Количество 3
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a C ...
GHSA-fjqr-fx3f-g4rv
Electron protocol handler browser vulnerable to Command Injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-1000118 Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. | CVSS3: 8.8 | 5% Низкий | почти 8 лет назад |
| CVE-2018-1000118 Github Electron version Electron 1.8.2-beta.4 and earlier contains a C ... | CVSS3: 8.8 | 5% Низкий | почти 8 лет назад |
| GHSA-fjqr-fx3f-g4rv Electron protocol handler browser vulnerable to Command Injection | CVSS3: 8.8 | 5% Низкий | почти 8 лет назад |
Уязвимостей на страницу