CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.5%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.3

References

https://github.com/electron/electron/pull/10008
https://github.com/electron/electron/pull/10008/files
https://github.com/electron/electron/pull/10008
https://github.com/electron/electron/pull/10008/files

Products affected by CVE-2017-1000424

Atom » Electron » Version: Any

cpe:2.3:a:atom:electron:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000424

Products

Pricing

Contact Us