Vulnerability Details : CVE-2021-28134
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
Products affected by CVE-2021-28134
- cpe:2.3:a:clipper_project:clipper:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-28134
- EPSS score: 2.31% (probability of exploitation activity in the next 30 days)
- Percentile: ~89% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-28134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2021-28134
- https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af85c78bf22ee2f5090d19
  fix: check for allowed urls to be opened using shell.openExternal 🩹 by AkashRajpurohit · Pull Request #14 · AkashRajpurohit/clipper · GitHub (Patch; Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5
  Release Minor security patch release · AkashRajpurohit/clipper · GitHub (Patch; Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/issues/13
  Potential Command Execution vulnerabilities introduced by preload.js · Issue #13 · AkashRajpurohit/clipper · GitHub (Exploit; Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/pull/14
  fix: check for allowed urls to be opened using shell.openExternal 🩹 by AkashRajpurohit · Pull Request #14 · AkashRajpurohit/clipper · GitHub (Patch; Third Party Advisory)