VYPR
High severity 7.8 · OSV Advisory · Published Jan 27, 2018 · Updated Jun 17, 2026

CVE-2018-6353

Description

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.


Affected products

2
  • Spesmilo/Electrum (OSV), 2 versions
    0.56, 0.57, 0.57a, … + 1 more
    • (no CPE) range: 0.56, 0.57, 0.57a, …
    • (no CPE) range: <=2.9.4, >=3.0.0 <=3.0.5
