Microsoft · Windows 2008 · CVE-2018-1000006
Name of the Vulnerable Software and Affected Versions:
GitHub Electron versions 1.8.2-beta.3 and earlier
GitHub Electron versions 1.7.10 and earlier
GitHub Electron versions 1.6.15 and earlier
Description:
The issue is a vulnerability in the custom protocol handler of Electron apps running on Windows 10, 7, or 2008. If an Electron application registers a custom protocol handler, it can be tricked into arbitrary command execution when a user clicks on a specially crafted URL. The root cause is that Electron's command-line handler fails to sanitize additional arguments before they are passed to Chromium. The estimated number of potentially affected devices is not provided.
Recommendations:
For GitHub Electron versions 1.8.2-beta.3 and earlier, update to version 1.8.2-beta.4 or later.
For GitHub Electron versions 1.7.10 and earlier, update to version 1.7.11 or later.
For GitHub Electron versions 1.6.15 and earlier, update to version 1.6.16 or later.
If updating is not possible, append `--` as the last argument when calling `app.setAsDefaultProtocolClient` to prevent Chromium from parsing further options. For example:
```javascript
const { app } = require('electron')

// protocol: the custom scheme this app registers (e.g. 'myapp').
// The trailing '--' stops Chromium from treating anything appended after it,
// such as the clicked URL, as a command-line switch.
app.setAsDefaultProtocolClient(protocol, process.execPath, [
  '--your-switches-here',
  '--'
])
```
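Why the trailing `--` works, as an added example that is not code from the advisory or from Electron: `buildProtocolClientArgs`, `hasTerminatingDoubleDash` and `parseCommandLine` are hypothetical helpers, the parser is a simplified model of Chromium-style switch handling, and the appended tokens are constructed sample data.

```javascript
// Build the argument array for app.setAsDefaultProtocolClient, always
// terminating the option list with '--' so tokens the OS appends later
// (the clicked URL) are never interpreted as switches.
function buildProtocolClientArgs(switches) {
  const args = switches.filter((s) => s !== '--')
  args.push('--')
  return args
}

// Audit check for an already-registered argument list (for example one read
// back from the registered handler command): '--' must be the last element.
function hasTerminatingDoubleDash(args) {
  return args.length > 0 && args[args.length - 1] === '--'
}

// Simplified model of Chromium-style command-line splitting: tokens starting
// with '--' are switches until a lone '--' is seen; every token after that
// point is a positional argument, whatever it looks like.
function parseCommandLine(argv) {
  const switches = []
  const positionals = []
  let optionsEnded = false
  for (const token of argv) {
    if (!optionsEnded && token === '--') {
      optionsEnded = true
    } else if (!optionsEnded && token.startsWith('--')) {
      switches.push(token)
    } else {
      positionals.push(token)
    }
  }
  return { switches, positionals }
}

// Constructed sample: the OS appends the URL data after the registered
// arguments. '--placeholder-token' stands in for any switch-looking token
// that ends up in that data; it is not a real Chromium flag.
const appended = ['myapp://open', '--placeholder-token']
const unmitigated = parseCommandLine(['--your-switches-here', ...appended])
const mitigated = parseCommandLine([
  ...buildProtocolClientArgs(['--your-switches-here']),
  ...appended
])

console.log('without --:', unmitigated.switches) // the appended token becomes a switch
console.log('with    --:', mitigated.switches)   // only the registered switch remains
```

Running the block with Node shows the appended token listed as a switch only in the unmitigated case; in the mitigated case it lands among the positionals with the URL.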