Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-16151 Vulnerability in maven package org.webjars.npm:electron

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2019-5748 Vulnerability in maven package org.traccar:traccar

CVE-2023-22894 Vulnerability in npm package @strapi/strapi

CVE-2022-23540 Vulnerability in npm package jsonwebtoken

CVE-2018-11011 Vulnerability in maven package cc.ryanc:halo

CVE-2020-6532 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory