QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16151

Published: Jun 7, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Vendor	Product	Versions
HackerOne	electron node module	affected `< 1.6.14 \|\| >= 1.7.0 < 1.7.8`

Weaknesses (CWE)

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

x_refsource_MISC

https://nodesecurity.io/advisories/539

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.