Enhancement: file/electron/electron-version-detect.yaml by md
parent
6dd346d6a8
commit
c476f74eea
|
@ -1,9 +1,11 @@
|
|||
id: electron-version-detect
|
||||
|
||||
info:
|
||||
name: Electron Version Detect
|
||||
name: Google Chromium/Electron - Remote Code Execution
|
||||
author: me9187
|
||||
severity: info
|
||||
description: Google Chromium contains a remote code execution vulnerability which affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||
remediation: Update to Electron 1.7.8 or 1.6.14, both of which include a fix for this vulnerability.
|
||||
reference:
|
||||
- https://www.electronjs.org/blog/chromium-rce-vulnerability/
|
||||
tags: electron,file
|
||||
|
@ -16,3 +18,5 @@ file:
|
|||
- type: regex
|
||||
regex:
|
||||
- '"electronVersion":"[^"]*"'
|
||||
|
||||
# Enhanced by md on 2023/05/03
|
||||
|
|
Loading…
Reference in New Issue