Vulnerabilities > CVE-2017-1000424 - Unspecified vulnerability in Atom Electron

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

atom

NVD

Published: 2018-01-02

Updated: 2019-10-03

Summary

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.

Vulnerable Configurations

Part	Description	Count
Application	Atom Atom Electron *	1

References

https://github.com/electron/electron/pull/10008/files
https://github.com/electron/electron/pull/10008