GitHub Electron version 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in the Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an Electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006; specifically, the blacklist used was not case insensitive, allowing an attacker to potentially bypass it.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-07T14:00:00Z
Updated: 2024-09-16T17:23:13.143Z
Reserved: 2018-03-07T00:00:00Z
Link: CVE-2018-1000118
NVD
Status: Analyzed
Published: 2018-03-07T14:29:00.327
Modified: 2018-04-20T13:07:03.633
Link: CVE-2018-1000118