
CVE-2018-1000118

Published: 07/03/2018 Updated: 20/04/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

GitHub Electron version 1.8.2-beta.4 and earlier contains a command injection vulnerability in the protocol handler that can result in command execution. This attack appears to be exploitable via the victim opening an Electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. The issue is due to an incomplete fix for CVE-2018-1000006: the blacklist used was not case insensitive, allowing a malicious user to potentially bypass it.

Vulnerable Product

electronjs electron 1.8.2

electronjs electron

GitHub Repositories

Damn Vulnerable Crypto Wallet

DVCW: Damn Vulnerable Crypto Wallet is an extremely insecure Ethereum cryptowallet written in JavaScript. It has three main modules: a desktop app, built with Electron and Vue; a web API, built with NodeJS using Express, SQLite and Web3; and a local Ethereum blockchain, built using Truffle and Ganache-cli with deployed smart contracts written in Solidity. Setup Note: The following steps a