Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/electron@1.6.8

Type npm

Namespace

Name electron

Version 1.6.8

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.6.12

Latest_non_vulnerable_version 27.0.0-beta.8

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-up47-dhwy-ubeh

vulnerability_id VCID-up47-dhwy-ubeh

summary

OS Command Injection
Recent Electron versions do not have strict Same Origin Policy (SOP) enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12581
reference_id	CVE-2017-12581
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12581

fixed_packages

url	pkg:npm/electron@1.6.8
purl	pkg:npm/electron@1.6.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.6.8

aliases CVE-2017-12581

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-up47-dhwy-ubeh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.6.8

Package Instance