Skip to main content

Electrum

2 CVEs product

Monthly

CVE-2022-31246 MEDIUM This Month

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Electrum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2018-6353 HIGH POC This Week

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Electrum
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
EPSS 1% CVSS 5.5
MEDIUM This Month

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Electrum
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Electrum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy