Vulnerability Details CVE-2021-28134
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/AkashRajpurohit/clipper/issues/13
- https://github.com/AkashRajpurohit/clipper/pull/14
- https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
- https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5
- https://github.com/AkashRajpurohit/clipper/issues/13
- https://github.com/AkashRajpurohit/clipper/pull/14
- https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
- https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5
Products affected by CVE-2021-28134
-
cpe:2.3:a:clipper_project:clipper:1.0.0
-
cpe:2.3:a:clipper_project:clipper:1.0.1
-
cpe:2.3:a:clipper_project:clipper:1.0.2
-
cpe:2.3:a:clipper_project:clipper:1.0.3
-
cpe:2.3:a:clipper_project:clipper:1.0.4