{"id":"CVE-2017-1000424","details":"Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.","aliases":["GHSA-6h98-cf9g-vmg2"],"modified":"2026-03-14T14:24:48.523079Z","published":"2018-01-02T20:29:00.283Z","references":[{"type":"ADVISORY","url":"https://github.com/electron/electron/pull/10008"},{"type":"ADVISORY","url":"https://github.com/electron/electron/pull/10008/files"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/electron/electron","events":[{"introduced":"46aed5ff6f4f2e27222dc197f67c48106cf817c8"},{"last_affected":"0428632a4e5dfa65e7ffbe39ff208069f0b9cdc4"},{"introduced":"b6319698f12f6f0d8095da7a0528b4a3b9949834"},{"last_affected":"5b9d31d3ff609b59210c896b4d2e3553adf1eb7b"}],"database_specific":{"versions":[{"introduced":"1.6.4"},{"last_affected":"1.6.11"},{"introduced":"1.7.0"},{"last_affected":"1.7.5"}]}}],"versions":["v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000424.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}