WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-16151 Vulnerability in npm package electron

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2021-29418 Vulnerability in npm package netmask

CVE-2021-32012 Vulnerability in npm package xlsx

CVE-2022-1295 Vulnerability in npm package fullpage.js

CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser

CVE-2020-11007 Vulnerability in maven package com.shopizer:sm-core-model

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory