Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
References
Link | Resource |
---|---|
https://github.com/AkashRajpurohit/clipper/issues/13 | Exploit Third Party Advisory |
https://github.com/AkashRajpurohit/clipper/pull/14 | Patch Third Party Advisory |
https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19 | Patch Third Party Advisory |
https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-11T00:00:22
Updated: 2021-03-11T00:00:22
Reserved: 2021-03-10T00:00:00
Link: CVE-2021-28134
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-11T00:15:12.170
Modified: 2021-03-17T20:05:08.210
Link: CVE-2021-28134
JSON object: View
Redhat Information
No data.
CWE