Are we affected by the Electron Custom Protocol Handler RCE Vulnerability CVE-2018-1000006 ?


Description

Requesting check to see if we are affected by Electron Custom Protocol RCE Vulnerability

Version

GitHub Desktop version: -

OS version: Windows 10 Fall Update

Steps to Reproduce

  1. Any app that registers a custom protocol Handler is affected it seems for Windows installs
  2. Description: https://electronjs.org/blog/protocol-handler-fix

Logs

Additional Information

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
nerdneha commented, Jan 26, 2018

@QzSG @j-f1 We are not affected by the vulnerability because we followed the mitigation recommended by Electron according to their docs: https://electronjs.org/blog/protocol-handler-fix#mitigation

This mitigation was released in 1.0.12, but we will also be pushing a release that bumps our version for Electron to 1.7.11 soon.
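The mitigation referred to in this comment, per the linked Electron post, is to pass `--` as the last argument to `app.setAsDefaultProtocolClient` so that Chromium stops parsing options before the URL. The check below is an added example, not part of the original issue or GitHub Desktop's code: it audits a handler command string as Windows stores it under `HKEY_CLASSES_ROOT\<scheme>\shell\open\command`; the function names and sample paths are constructed for illustration.

```javascript
// Added example: audit the command line registered for a custom URL protocol.
// The mitigated form is what
//   app.setAsDefaultProtocolClient(scheme, process.execPath, ['--'])
// registers: a bare "--" placed before the "%1" URL placeholder.

// Minimal tokenizer: splits on whitespace, keeps double-quoted runs together.
function splitCommand(command) {
  const tokens = [];
  const re = /"([^"]*)"|(\S+)/g;
  let m;
  while ((m = re.exec(command)) !== null) {
    tokens.push(m[1] !== undefined ? m[1] : m[2]);
  }
  return tokens;
}

// Returns 'mitigated', 'unprotected', or 'no-url-placeholder'.
function auditHandlerCommand(command) {
  const tokens = splitCommand(command);
  const urlIndex = tokens.findIndex((t) => t.includes('%1'));
  if (urlIndex === -1) return 'no-url-placeholder';
  // Skip token 0 (the executable); the separator only helps if it comes
  // before the URL, because everything after "--" is treated as positional.
  const separatorIndex = tokens.indexOf('--', 1);
  if (separatorIndex !== -1 && separatorIndex < urlIndex) return 'mitigated';
  return 'unprotected';
}

// Constructed sample registry values, not taken from a real installation.
const samples = [
  '"C:\\Apps\\Example App\\Example.exe" -- "%1"',
  '"C:\\Apps\\Example App\\Example.exe" "%1"',
  '"C:\\Apps\\Example App\\Example.exe" "%1" --',
  '"C:\\Apps\\Example App\\Example.exe"',
];

for (const command of samples) {
  console.log(auditHandlerCommand(command).padEnd(20), command);
}
```

A result of `unprotected` only means the separator is missing; an app built on a patched Electron release can still be safe without it.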

0 reactions
iAmWillShepherd commented, Jan 26, 2018

@QzSG yes, I am aware after @j-f1 pointed it out, and we are actually planning on pushing a release very soon.
