Vulnerabilites related to HackerOne - electron node module
cve-2017-16151
Vulnerability from cvelistv5
Published
2018-06-07 02:00
Modified
2024-09-16 16:54
Severity ?
Summary
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
References
https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fixx_refsource_MISC
https://nodesecurity.io/advisories/539x_refsource_MISC
Impacted products
Vendor Product Version
HackerOne electron node module Version: < 1.6.14 || >= 1.7.0 < 1.7.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:20:04.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nodesecurity.io/advisories/539"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron node module",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
            }
          ]
        }
      ],
      "datePublic": "2018-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection (CWE-94)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-07T01:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nodesecurity.io/advisories/539"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2018-04-26T00:00:00",
          "ID": "CVE-2017-16151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron node module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection (CWE-94)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
              "refsource": "MISC",
              "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
            },
            {
              "name": "https://nodesecurity.io/advisories/539",
              "refsource": "MISC",
              "url": "https://nodesecurity.io/advisories/539"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2017-16151",
    "datePublished": "2018-06-07T02:00:00Z",
    "dateReserved": "2017-10-29T00:00:00",
    "dateUpdated": "2024-09-16T16:54:03.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}