Description
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
Remediation
References
https://github.com/electron/electron/pull/10008/files
https://github.com/electron/electron/pull/10008
Related Vulnerabilities
CVE-2017-16181 Vulnerability in npm package wintiwebdev
CVE-2016-10641 Vulnerability in npm package node-bsdiff-android
CVE-2022-24719 Vulnerability in npm package fluture-node
CVE-2016-10623 Vulnerability in npm package macaca-chromedriver-zxa
CVE-2021-27515 Vulnerability in maven package org.webjars.npm:url-parse