
SQLite Vulnerability Fix


A remote code execution vulnerability, "Magellan," has been discovered affecting software based on SQLite or Chromium, including all versions of Electron.


Scope

Electron applications using Web SQL are impacted.

Mitigation

Affected apps should stop using Web SQL or upgrade to a patched version of Electron.

We've published new versions of Electron which include fixes for this vulnerability:

There are no reports of this in the wild; however, affected applications are urged to mitigate.

Further Information

This vulnerability was discovered by the Tencent Blade team, who have published a blog post that discusses the vulnerability.

To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

Please file a GitHub Security Advisory if you wish to report a vulnerability in Electron.