libwebp day-0 vulnerability

vercel / hyper

A terminal built on web technologies

https://hyper.is

MIT License

43.35k stars 3.52k forks source link

libwebp day-0 vulnerability #7506

Open technocrat opened 1 year ago

technocrat commented 1 year ago

[ X] Your Hyper.app version is 3.4.1. Please verify you're using the latest Hyper.app version
[ X] I have searched the issues of this repo and believe that this is not a duplicate

Please see ARS Technical Report. Hyper is flagged as vulnerable by Bob Rudis' positron. I'll need to switch to another terminal pending patch (with regret!).

ayndqy commented 1 year ago

Just tested the latest 4.0.0-canary.5 version using positron, the vulnerable version of electron is still there. Quite sad to stop using this app because of this :(

$ find /Applications -type f -name "*Electron Framework*" -exec ./positron "{}" \;
/Applications/Hyper.app: Chrome/108.0.5359.215 Electron/22.3.1 🔴

vercel / hyper

libwebp day-0 vulnerability #7506

[ X] I have searched the issues of this repo and believe that this is not a duplicate