Taggart :donor: on Nostr: Okay, for those tracking CVE-2023-5129, aka the #Libwebp fiasco, here's how to ...
Okay, for those tracking CVE-2023-5129, aka the #Libwebp fiasco, here's how to validate if your Electron app is vulnerable.
The patched version of Electron is v26.2.1. To confirm what version of Electron your app is using, you need to run strings against the executable. The version is in the app's User-Agent, so:
strings app.exe | grep "Electron/"
Will do the trick. The attached image shows this method for Teams, which tracks with their published version listings.
I'd love it if folks who try this with updated apps post their results as replies here, so we can collect this #ThreatIntel.
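The check described in the post, as an added example that is not part of the original post: a Python script that scans executables for the same Electron/ marker and compares what it finds against the 26.2.1 figure given above. The function names, verdict labels and sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

PATCHED = (26, 2, 1)  # patched Electron version as given in the post

# The marker the strings | grep one-liner looks for, matched on raw bytes.
UA_RE = re.compile(rb"Electron/(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

# Constructed sample: bytes shaped like a User-Agent embedded in a binary.
SAMPLE = b"\x00\x7fMozilla/5.0 Chrome/114.0.0.0 Electron/25.3.1 Safari/537.36\x00"


def electron_versions(data: bytes) -> list:
    """Return each distinct (major, minor, patch, prerelease) found in data."""
    found = set()
    for m in UA_RE.finditer(data):
        pre = m.group(4).decode() if m.group(4) else ""
        found.add((int(m.group(1)), int(m.group(2)), int(m.group(3)), pre))
    return sorted(found)


def assess(data: bytes, patched: tuple = PATCHED) -> str:
    """Classify a binary by the lowest Electron version embedded in it."""
    versions = electron_versions(data)
    if not versions:
        return "no-marker"  # not Electron, or the string is stored differently
    major, minor, patch, pre = versions[0]
    if pre:
        # A pre-release tag cannot be ranked against a stable release by
        # number alone, so it goes to manual review.
        return "review-prerelease"
    return "below-patched" if (major, minor, patch) < patched else "at-or-above-patched"


def label(v: tuple) -> str:
    return "%d.%d.%d%s" % v


if __name__ == "__main__":
    # Pass executables as arguments; with none, the constructed sample is used.
    inputs = [(p, Path(p).read_bytes()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, data in inputs:
        found = ", ".join(label(v) for v in electron_versions(data)) or "-"
        print(f"{name}\t{found}\t{assess(data)}")
```

The comparison is numeric per component, so 26.10.0 ranks above 26.2.1. It only knows the single version number from the post, so a below-patched result on an older major line is worth checking against that line's Electron release notes.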