Is CVE-2017-16151 actively exploited?

CVE-2017-16151 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2017-16151?

CVE-2017-16151 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2017-16151?

Patch guidance is available from electronjs security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2017-16151.

Which products are affected by CVE-2017-16151?

1 product: electronjs electron.

Fix CVE-2017-16151 - CRITICAL electronjs electron

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-94 · Code Injection CWE-94 · Code Injection

Metadata

Primary Vendor: ELECTRONJS
Published: 6/7/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

electronjs : electron

Remediation Guidance

Executive Summary

Cite this page

CVE-2017-16151. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2017-16151

View on NIST NVD

CVE-2017-16151 vulnerability