CVE-2021-41392
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
Boost Note is a document driven project management tool that maximizes remote DevOps team velocity.
GitHub