Source: electrum
Version: 3.0.5-1
Severity: important
Tags: security upstream


the following vulnerability was published for electrum.

| The Python console in Electrum through 2.9.4 and 3.x through 3.0.5
| supports arbitrary Python code without considering (1)
| social-engineering attacks in which a user pastes code that they do not
| understand and (2) code pasted by a physically proximate attacker at an
| unattended workstation, which makes it easier for attackers to steal
| Bitcoin via hook code that runs at a later time when the wallet
| password has been entered, a different vulnerability than
| CVE-2018-1000022.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



Reply via email to