Description
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
Remediation
References
https://github.com/electron/electron/pull/10008
https://github.com/electron/electron/pull/10008/files
Related Vulnerabilities
CVE-2017-9791 Vulnerability in maven package org.apache.struts:struts2-struts1-plugin
CVE-2021-41183 Vulnerability in maven package org.webjars:jquery-ui
CVE-2022-1243 Vulnerability in maven package org.webjars.bower:urijs
CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core
CVE-2020-28442 Vulnerability in maven package org.webjars.bower:js-data