Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-07T14:00:00Z

Updated: 2024-09-16T17:23:13.143Z

Reserved: 2018-03-07T00:00:00Z

Link: CVE-2018-1000118

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-03-07T14:29:00.327

Modified: 2018-04-20T13:07:03.633

Link: CVE-2018-1000118

cve-icon Redhat

No data.