Vulnerability Database

296,523

Total vulnerabilities in the database

CVE-2016-1202

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.

Published: Apr 25, 2016
Updated: May 9, 2024
CVE: CVE-2016-1202
GHSA: GHSA-gvcj-pfq2-wxj7
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-426

Affected Software
References

Software	From	Fixed in
atom / electron	-	0.33.4.x
electron	-	0.33.5

http://jvn.jp/en/jp/JVN00324715/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054
https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d
https://github.com/electron/electron/pull/2976

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo