Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Github Electron Protocol Handler 命令注入漏洞
Vulnerability Description
GitHub Electron是美国GitHub公司的一个应用程序开发框架。该框架支持使用JavaScript、HTML和CSS编写跨平台桌面应用程序。Protocol Handler是其中的一个协议处理程序。 Github Electron 1.8.2-beta.4及之前版本中的Protocol Handler存在命令注入漏洞。当用户在浏览器中打开electron协议处理程序时,攻击者可利用该漏洞执行命令。
CVSS Information
N/A
Vulnerability Type
N/A