CRITICAL 9.8
GHSA-4w88-rjj3-x7wp
Chromium Remote Code Execution in electron
Details
Affected versions of `ElectronJS` are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
## Recommendation
Update to electron version 1.7.8 or later.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-16151 [ADVISORY]
- https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix [WEB]
- https://electronjs.org/blog/chromium-rce-vulnerability [WEB]
- https://github.com/advisories/GHSA-4w88-rjj3-x7wp [ADVISORY]
- https://www.npmjs.com/advisories/539 [WEB]