A remote code execution vulnerability, "Magellan," has been discovered affecting software based on SQLite or Chromium, including all versions of Electron.
作用域
Electron applications using Web SQL are impacted.
Mitigation
Affected apps should stop using Web SQL or upgrade to a patched version of Electron.
We've published new versions of Electron which include fixes for this vulnerability:
There are no reports of this in the wild; however, affected applications are urged to mitigate.
Further Information
This vulnerability was discovered by the Tencent Blade team, who have published a blog post that discusses the vulnerability.
要了解更多关于维护您的 Electron 应用安全的最佳做法,请参阅我们的 安全教程。
If you wish to report a vulnerability in Electron, email security@electronjs.org.