GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "1.8.2-beta1"
},
{
"last_affected": "1.8.2-beta1"
},
{
"introduced": "1.8.2-beta2"
},
{
"last_affected": "1.8.2-beta2"
},
{
"introduced": "1.8.2-beta3"
},
{
"last_affected": "1.8.2-beta3"
}
],
"source": "CPE_STRING",
"vendor_product": "atom:electron",
"cpes": [
"cpe:2.3:a:atom:electron:1.8.2:beta1:*:*:*:*:*:*",
"cpe:2.3:a:atom:electron:1.8.2:beta2:*:*:*:*:*:*",
"cpe:2.3:a:atom:electron:1.8.2:beta3:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.10"
},
{
"last_affected": "1.6.15"
}
]
}