CVE-2017-16151
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
En base a los detalles proporcionados por el equipo ElectronJS, se ha descubierto una vulnerabilidad de ejecución remota de código en Google Chromium que afecta a todas las versiones recientes de Electron. Cualquier aplicación de Electron que acceda a contenido remoto es vulnerable a este exploit, independientemente de si la [opción sandbox] (https://electron.atom.io/docs/api/sandbox-option) está habilitada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-29 CVE Reserved
- 2018-06-07 CVE Published
- 2024-07-30 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix | Broken Link | |
| https://nodesecurity.io/advisories/539 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | < 1.7.8 Search vendor "Electronjs" for product "Electron" and version " < 1.7.8" | node.js |
Affected
| ||||||