Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for electron node module by HackerOne

    CVE-2017-16151 (GCVE-0-2017-16151)

    Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Code Injection (CWE-94)
    Assigner
    References
    Impacted products
    Vendor Product Version
    HackerOne electron node module Affected: < 1.6.14 || >= 1.7.0 < 1.7.8
    Create a notification for this product.
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:04.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/539"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection (CWE-94)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/539"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "electron node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection (CWE-94)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
                  "refsource": "MISC",
                  "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
                },
                {
                  "name": "https://nodesecurity.io/advisories/539",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/539"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16151",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:03.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16151 (GCVE-0-2017-16151)

    Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Code Injection (CWE-94)
    Assigner
    References
    Impacted products
    Vendor Product Version
    HackerOne electron node module Affected: < 1.6.14 || >= 1.7.0 < 1.7.8
    Create a notification for this product.
    Date Public
    2018-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:04.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nodesecurity.io/advisories/539"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection (CWE-94)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nodesecurity.io/advisories/539"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2017-16151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "electron node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection (CWE-94)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
                  "refsource": "MISC",
                  "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
                },
                {
                  "name": "https://nodesecurity.io/advisories/539",
                  "refsource": "MISC",
                  "url": "https://nodesecurity.io/advisories/539"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2017-16151",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-10-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:03.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }