static/main-preload.js in Boost Note up to and including 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
boostnote boostnote |