CVE-2018-1000118: OS Command Injection

March 7, 2018 (updated April 20, 2018)

Github Electron version Electron contains a Command Injection vulnerability in Protocol Handler that can result in command execute.This issue is due to an incomplete fix for CVE-2018-1000006, specifically the block list used was not case insensitive allowing an attacker to potentially bypass it.

References

nvd.nist.gov/vuln/detail/CVE-2018-1000118

Detect and mitigate CVE-2018-1000118 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →