electerm
cpe:2.3:a:electerm_project:electerm:*:*:*:*:*:*:*
- <= 3.7.9
A path traversal vulnerability has been identified in Electerm versions prior to 3.7.16. The issue arises in the runWidget function, which constructs file paths by directly concatenating user-supplied widget identifiers without proper sanitization. This function is exposed to the renderer process through an asynchronous IPC handler that lacks input validation. An attacker who gains JavaScript execution in the renderer, possibly via a malicious plugin or a cross-site scripting vulnerability in the built-in webview, can exploit this flaw. By manipulating the file path to include traversal sequences, the attacker can load and execute arbitrary JavaScript files from the victim's filesystem. This exploitation leads to local code execution with the same privileges as the Electerm process, potentially resulting in complete system compromise.
Successful exploitation gives the attacker local code execution with the full privileges of the Electerm process, which can lead to complete system compromise.
Users can upgrade to Electerm version 3.7.16 or later to address this vulnerability. Instructions for downloading the latest version are available on the Electerm GitHub Releases page.