Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-16151

UNKNOWN
Published 2018-06-07T02:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-16151. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

electron node module

Affected Versions:

< 1.6.14 || >= 1.7.0 < 1.7.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Chromium Remote Code Execution in electron

GHSA-4w88-rjj3-x7wp

Advisory Details

Affected versions of `ElectronJS` are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled. ## Recommendation Update to electron version 1.7.8 or later.

Affected Packages

npm electron
ECOSYSTEM: ≥0 <1.6.14
npm electron
ECOSYSTEM: ≥1.7.0 <1.7.8

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-16151
WEB https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
WEB https://electronjs.org/blog/chromium-rce-vulnerability
ADVISORY https://github.com/advisories/GHSA-4w88-rjj3-x7wp
WEB https://www.npmjs.com/advisories/539

Advisory provided by GitHub Security Advisory Database. Published: July 24, 2018, Modified: September 13, 2023

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
https://nodesecurity.io/advisories/539
Published: 2018-06-07T02:00:00Z
Last Modified: 2024-09-16T16:54:03.710Z
Copied to clipboard!