Main Vulnerability Database Vulnerabilities #VU31286

Code Injection in Electron - CVE-2017-16151

Published: June 7, 2018 / Updated: July 17, 2020

Vulnerability identifier: #VU31286

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-16151

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Electron

Affected software:
Electron

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

How to mitigate CVE-2017-16151

Install update from vendor's website.

Code Injection in Electron - CVE-2017-16151

Detailed vulnerability description

How to mitigate CVE-2017-16151

Sources

Please verify you're human