Platform
nodejs
Component
electron
Fixed in
1.6.14
CVE-2017-16151 is a critical Remote Code Execution (RCE) vulnerability affecting ElectronJS applications. This flaw allows attackers to execute arbitrary code by exploiting how affected applications handle remote content, even when the sandbox option is enabled. The vulnerability impacts ElectronJS versions prior to 1.6.14, and a fix is available in version 1.6.14 and later.
The impact of CVE-2017-16151 is severe. An attacker can leverage this vulnerability to gain complete control over an affected ElectronJS application and potentially the underlying system. This could involve stealing sensitive data, installing malware, or disrupting operations. The ability to bypass the sandbox significantly increases the attack surface, as it allows attackers to execute code with the privileges of the application. Successful exploitation could mirror the impact of other RCE vulnerabilities, allowing for persistent access and lateral movement within a network.
CVE-2017-16151 was publicly disclosed in July 2018. While no active exploitation campaigns have been definitively linked to this specific CVE, the RCE nature of the vulnerability makes it a high-priority target. Public proof-of-concept exploits are available, increasing the risk of exploitation. This vulnerability is not currently listed on the CISA KEV catalog.
Applications built with ElectronJS, particularly those that access remote content from untrusted sources, are at risk. This includes desktop applications used in enterprise environments, as well as consumer-facing applications. Legacy ElectronJS applications that have not been updated are especially vulnerable.
• nodejs / supply-chain: Monitor ElectronJS application processes for unexpected child processes or network connections. Use Get-Process in PowerShell to identify Electron processes and their associated modules.
Get-Process | Where-Object {$_.ProcessName -like '*electron*'}
• linux / server: Examine system logs (e.g., /var/log/syslog) for errors or anomalies related to ElectronJS applications. Use lsof to identify open files and network connections associated with Electron processes (pidof may return several PIDs; lsof expects them comma-separated).
lsof -p "$(pidof electron | tr ' ' ',')"
• generic web: Inspect application behavior when accessing remote content. Monitor network traffic for suspicious requests or responses. Use curl to test endpoint exposure and check for unexpected behavior.
curl -v <electron_app_url>
Disclosure
Patch
Exploit status
EPSS
2.70% (86th percentile)
CVSS vector
The primary mitigation for CVE-2017-16151 is to immediately update ElectronJS to version 1.6.14 or later. If upgrading is not immediately feasible, consider implementing stricter content security policies (CSP) within the application to restrict the sources from which content can be loaded. Carefully review and validate all remote content accessed by the application. While a direct workaround is unavailable, implementing robust input validation and sanitization can help reduce the attack surface. After upgrading, verify the fix by attempting to load a known malicious remote resource and confirming that the application does not execute arbitrary code.
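An added example (not code from this advisory or the Electron project) of the interim hardening described above: a restrictive CSP appended to every remote response, an origin allowlist checked before any remote URL is loaded, and the sandbox/contextIsolation/nodeIntegration settings for the window. The origin https://app.example.com, the target URL and the Electron wiring are assumptions; the helper functions run in plain Node as well.

```javascript
// Added example, not code from the advisory or the Electron project: interim
// hardening for an Electron app that must load remote content: a restrictive
// CSP appended to every response, an origin allowlist checked before any remote
// URL is loaded, and hardened webPreferences. Origin/URL are assumptions.
const ALLOWED_ORIGINS = ['https://app.example.com'];

// Build a restrictive policy: scripts and frames only from allowed origins,
// no inline script, no plugins/object embeds, no <base> rewriting.
function buildCsp(origins) {
  const src = origins.join(' ');
  return [
    `default-src 'self' ${src}`,
    `script-src ${src}`,
    "object-src 'none'",
    "frame-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Validate a remote URL before loading it: https only, origin on the allowlist.
function isAllowedRemoteUrl(rawUrl, origins = ALLOWED_ORIGINS) {
  let u;
  try { u = new URL(rawUrl); } catch { return false; }
  return u.protocol === 'https:' && origins.includes(u.origin);
}

// Append our policy to the response headers. Browsers enforce every CSP header
// present, so the remote server's own policy is kept and cannot relax ours.
function withCsp(responseHeaders, csp) {
  const out = { ...(responseHeaders || {}) };
  const key = Object.keys(out).find((k) => k.toLowerCase() === 'content-security-policy')
    || 'Content-Security-Policy';
  out[key] = [...(out[key] || []), csp];
  return out;
}

// Wiring into Electron, executed only when actually running inside Electron.
if (process.versions.electron) {
  const { app, session, BrowserWindow } = require('electron');
  app.on('ready', () => {
    const csp = buildCsp(ALLOWED_ORIGINS);
    session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
      callback({ responseHeaders: withCsp(details.responseHeaders, csp) });
    });
    const win = new BrowserWindow({
      webPreferences: { sandbox: true, contextIsolation: true, nodeIntegration: false },
    });
    const target = 'https://app.example.com/'; // assumed remote entry point
    if (isAllowedRemoteUrl(target)) win.loadURL(target);
  });
}
```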
No official patch available. Check for workarounds or monitor for updates.
CVE-2017-16151 is a critical Remote Code Execution vulnerability in ElectronJS applications that allows attackers to execute arbitrary code when accessing remote content, even with the sandbox enabled.
You are affected if you are using ElectronJS versions prior to 1.6.14 and your application accesses remote content. Assess your ElectronJS version immediately.
Update ElectronJS to version 1.6.14 or later. Implement stricter content security policies (CSP) as an interim measure if upgrading is not immediately possible.
While no confirmed active campaigns are publicly known, the RCE nature of the vulnerability makes it a high-priority target, and public PoCs exist.
Refer to the ElectronJS security advisories: https://github.com/electron/electron/security/advisories