The Python console in Electrum up to and including 2.9.4 and 3.x up to and including 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation. This makes it easier for malicious users to steal Bitcoin via hook code that runs at a later time, when the wallet password has been entered. This is a different vulnerability than CVE-2018-1000022.

Vulnerable Product |
---|
electrum electrum 3.0.3 |
electrum electrum |
electrum electrum 3.0.5 |
electrum electrum 3.0.0 |
electrum electrum 3.0.1 |
electrum electrum 3.0.2 |