EPSS
Percentile
99.8%
Electron is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a Electron Protocol Handler to the application that when clicked on executes arbitrary code. This vulnerability is due to an incomplete fix in CVE-2018-1000006.
electronjs.org/releases#1.8.2-beta.5
github.com/electron/electron/pull/11796
www.sourceclear.com/vulnerability-database/security/remote-code-execution-rce-/javascript/sid-5750/summary