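# File-based template: extracts the Electron version string from JSON files.
# As written it has an extractor and no matcher, so it never compares the
# version against anything. A result is an inventory data point (severity
# info), not proof that the application is vulnerable. Triage each extracted
# value against the fixed releases named in `remediation`.
id: electron-version-detect

info:
  # NOTE(review): name and description quote the RCE advisory, while the id,
  # severity and extractor perform plain version detection. Keep this in mind
  # when the title appears in scan reports.
  name: Google Chromium/Electron - Remote Code Execution
  author: me9187
  severity: info
  description: >-
    Google Chromium contains a remote code execution vulnerability which
    affects all recent versions of Electron. Any Electron app that accesses
    remote content is vulnerable to this exploit, regardless of whether the
    sandbox option is enabled. An attacker can execute malware, obtain
    sensitive information, modify data, and/or gain full control over a
    compromised system without entering necessary credentials.
  remediation: >-
    Update to Electron 1.7.8 or 1.6.14, both of which include a fix for this
    vulnerability.
  reference:
    - https://www.electronjs.org/blog/chromium-rce-vulnerability/
  classification:
    # All-None impact metrics and a 0.0 score match the informational
    # severity: the template reports a version, it does not confirm a flaw.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  tags: electron,file

file:
  - extensions:
      - json

    extractors:
      - type: regex
        regex:
          # Whitespace around the colon is tolerated so that pretty-printed
          # JSON ("electronVersion": "x.y.z") is reported as well as minified
          # JSON; the strict form silently missed the former.
          - '"electronVersion"\s*:\s*"[^"]*"'

# Enhanced by md on 2023/05/03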