CVE-2018-1000136 - Electron nodeIntegration Bypass (RCE)
https://updatesinfosec.blogspot.com/2018/05/cve-2018-1000136-electron.html
In summary:
Electron applications are essentially web apps, which means they're susceptible to cross-site scripting attacks when they fail to correctly sanitize user-supplied input. A default Electron application has access not only to its own APIs but also to all of Node.js' built-in modules. This makes XSS particularly dangerous, as an attacker's payload can do some nasty things, such as require the child_process module and execute system commands on the client side. Atom had an [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2Icnm0h
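A defender's check for the exposure described above, as an added example that is not code from the original post or from the Electron project: it audits the webPreferences object an application passes to BrowserWindow. The function names, rule table and sample configurations are constructed for illustration, and an unset key is assumed to be unsafe so the result does not depend on the Electron version's defaults.

```javascript
// Added example: runs in plain Node.js; Electron itself is not required.
// Each rule names a real webPreferences key, the value treated as safe,
// and why any other value matters when a page is hit by XSS.
const RULES = [
  { key: 'nodeIntegration', safe: false, severity: 'high',
    why: 'injected script can require() Node.js modules such as child_process' },
  { key: 'contextIsolation', safe: true, severity: 'medium',
    why: 'page scripts share a JavaScript context with preload code' },
  { key: 'sandbox', safe: true, severity: 'medium',
    why: 'the renderer process is not confined by the Chromium sandbox' },
];

// Assumption: a key that is not set counts as a finding, matching the
// "Node.js access by default" behaviour the summary describes.
function auditWebPreferences(prefs = {}) {
  return RULES
    .filter((rule) => prefs[rule.key] !== rule.safe)
    .map((rule) => ({
      key: rule.key,
      severity: rule.severity,
      state: rule.key in prefs ? 'unsafe value' : 'not set',
      why: rule.why,
    }));
}

// Audit several named window configurations and keep only those with findings.
function auditAll(windows) {
  const report = {};
  for (const [name, prefs] of Object.entries(windows)) {
    const findings = auditWebPreferences(prefs);
    if (findings.length > 0) report[name] = findings;
  }
  return report;
}

// Constructed sample configurations (not taken from any real application).
const SAMPLE_WINDOWS = {
  legacyDefault: {},
  partial: { nodeIntegration: false, preload: '/app/preload.js' },
  explicitNode: { nodeIntegration: true, contextIsolation: true, sandbox: true },
  hardened: { nodeIntegration: false, contextIsolation: true, sandbox: true },
};

for (const [name, findings] of Object.entries(auditAll(SAMPLE_WINDOWS))) {
  for (const f of findings) {
    console.log(`${name}: [${f.severity}] ${f.key} (${f.state}): ${f.why}`);
  }
}
```
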
