JSONRPC vulnerability in Electrum 2.6 to 3.0.4
On January 6th, a vulnerability was disclosed in the Electrum wallet software, that allows malicious websites to execute wallet commands through JSONRPC executed in a web browser. The bug affects versions 2.6 to 3.0.4 of Electrum, on all platforms. It also affects clones of Electrum such as Electron Cash.
Tails users in my opinion must be forced to upgrade Electrum by rolling out a new build and this must be done urgently since the vulnerability is very serious!
For more information about the vulnerability please visit:
https://github.com/spesmilo/electrum-docs/blob/master/cve.rst or
https://electrum.org
Related issues
- Is duplicate of #15022 (closed)
Original created by @humanrightsdefender on 15207 (Redmine)