daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: file/electron/electron-version-detect.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-05-03 17:07:32 -04:00
parent 6dd346d6a8
commit c476f74eea
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
file/electron/electron-version-detect.yaml
View File

@ -1,9 +1,11 @@
id: electron-version-detect
info:
name: Electron Version Detect
name: Google Chromium/Electron - Remote Code Execution
author: me9187
severity: info
description: Google Chromium contains a remote code execution vulnerability which affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: Update to Electron 1.7.8 or 1.6.14, both of which include a fix for this vulnerability.
reference:
- https://www.electronjs.org/blog/chromium-rce-vulnerability/
tags: electron,file
@ -16,3 +18,5 @@ file:
- type: regex
regex:
- '"electronVersion":"[^"]*"'
# Enhanced by md on 2023/05/03