Vulnerabilities > CVE-2021-28134 - Unspecified vulnerability in Clipper Project Clipper

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

clipper-project

critical

NVD

Published: 2021-03-11

Updated: 2024-11-21

Summary

Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

Vulnerable Configurations

Part	Description	Count
Application	Clipper_Project Clipper Project Clipper 1.0.0 Clipper Project Clipper 1.0.1 Clipper Project Clipper 1.0.2 Clipper Project Clipper 1.0.3 Clipper Project Clipper 1.0.4	5

References

https://github.com/AkashRajpurohit/clipper/issues/13
https://github.com/AkashRajpurohit/clipper/issues/13
https://github.com/AkashRajpurohit/clipper/pull/14
https://github.com/AkashRajpurohit/clipper/pull/14
https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5
https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5