Mark Gardner

@Perl Here is a find + #Perl command for #macOS that will check which installed #Electron-based applications have not yet been updated against this month's #libwebp #CVE20234863 #security vulnerability: https://social.sdf.org/@mjgardner/111126922716051872

Other apps may be vulnerable, this just checks the Electron ones!

It uses the built-in https://perldoc.perl.org/version API for parsing and comparing version numbers.

Mark Gardner ‍:sdf: (@[email protected])

@[email protected] I've expanded @[email protected]’s command to check apps against #Electron releases with fixed #libwebp find /Applications -type f -name '*Electron Framework*' -exec \ perl -Mversion=0.77 -nE \ '@safe = map version->parse($_), qw(22.3.24 24.8.3 25.8.1 26.2.1); next unless m{Chrome/[0-9.]+ Electron/([0-9.]+)}; $ver = version->parse($1); if ($ver < (grep int $_->numify == int $ver->numify, @safe)[0]) { say "vulnerable Electron $ver found in $ARGV"; next }' {} \;

SDF Social
Sep 25, 2023 at 5:33pmWeb