Vulnerability Description
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clipper Project | Clipper | < 1.0.5 |
References
- https://github.com/AkashRajpurohit/clipper/issues/13 (Exploit, Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/pull/14 (Patch, Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/pull/14/commits/28f1492a12234cf1e6af8 (Patch, Third Party Advisory)
- https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-28134?
CVE-2021-28134 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...
How severe is CVE-2021-28134?
CVE-2021-28134 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-28134?
Check the references section above for vendor advisories and patch information. Affected products include: Clipper Project Clipper.