Security Advisory

CVE-2021-41392

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-17 21:24:02

Last updated 2024-08-04 03:08:32

Assigner mitre

State PUBLISHED

Description

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.

← Browse all CVEs View on cve.org ↗