Affected versions of `ElectronJS` are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

## Recommendation

Update to electron version 1.7.8 or later.

Affected Packages

npm electron

Affected versions: 0 (fixed in 1.6.14)

npm electron

Affected versions: 1.7.0 (fixed in 1.7.8)

Related CVEs

CVE-2017-16151

Key Information

GHSA ID

GHSA-4w88-rjj3-x7wp

Published

July 24, 2018 8:04 PM

Last Modified

September 13, 2023 7:15 PM

CVSS Score

9.0 /10

Primary Ecosystem

npm

Primary Package

electron

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.