Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for electron node module by HackerOne
CVE-2017-16151 (GCVE-0-2017-16151)
Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 16:54
VLAI?
Summary
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | electron node module |
Affected:
< 1.6.14 || >= 1.7.0 < 1.7.8
|
Date Public ?
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:20:04.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron node module",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
"refsource": "MISC",
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"name": "https://nodesecurity.io/advisories/539",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16151",
"datePublished": "2018-06-07T02:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:54:03.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16151 (GCVE-0-2017-16151)
Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-16 16:54
VLAI?
Summary
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | electron node module |
Affected:
< 1.6.14 || >= 1.7.0 < 1.7.8
|
Date Public ?
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:20:04.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron node module",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
"refsource": "MISC",
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"name": "https://nodesecurity.io/advisories/539",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16151",
"datePublished": "2018-06-07T02:00:00.000Z",
"dateReserved": "2017-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:54:03.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}