Medium severity4.3NVD Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-1000424
CVE-2017-1000424
Description
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electronnpm | >= 1.7.0, < 1.7.6 | 1.7.6 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6h98-cf9g-vmg2ghsaADVISORY
- github.com/electron/electron/pull/10008nvdThird Party AdvisoryWEB
- github.com/electron/electron/pull/10008/filesnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000424ghsaADVISORY
- github.com/electron/electron/releases/tag/v1.7.6ghsaWEB
News mentions
0No linked articles in our index yet.