CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-J9C9-QJ2X-X3FC
Vulnerability from github – Published: 2023-09-18 21:30 – Updated: 2024-04-04 07:43An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
{
"affected": [],
"aliases": [
"CVE-2023-39043"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-18T21:15:55Z",
"severity": "MODERATE"
},
"details": "An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.",
"id": "GHSA-j9c9-qj2x-x3fc",
"modified": "2024-04-04T07:43:26Z",
"published": "2023-09-18T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39043"
},
{
"type": "WEB",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39043.md"
},
{
"type": "WEB",
"url": "http://tokushimaawayokocho.com"
},
{
"type": "WEB",
"url": "http://ykc.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J9HF-98C3-WRM8
Vulnerability from github – Published: 2024-06-04 18:12 – Updated: 2025-06-27 22:08Impact
A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.
A workload built from this Dockerfile:
FROM docker.io/library/busybox as source
RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc
FROM scratch
COPY --from=source /bin /bin
COPY --from=source /lib /lib
COPY --from=source /extra .
and this container config:
{
"metadata": {
"name": "busybox"
},
"image":{
"image": "localhost/test"
},
"command": [
"/bin/true"
],
"linux": {
}
}
and this sandbox config
{
"metadata": {
"name": "test-sandbox",
"namespace": "default",
"attempt": 1,
"uid": "edishd83djaideaduwk28bcsb"
},
"linux": {
"security_context": {
"namespace_options": {
"network": 2
}
}
}
}
will create a file on host /host/mtab
Patches
1.30.1, 1.29.5, 1.28.7
Workarounds
Unfortunately not
References
Are there any links users can visit to find out more?
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cri-o/cri-o"
},
"ranges": [
{
"events": [
{
"introduced": "1.28.6"
},
{
"fixed": "1.28.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cri-o/cri-o"
},
"ranges": [
{
"events": [
{
"introduced": "1.29.4"
},
{
"fixed": "1.29.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cri-o/cri-o"
},
"ranges": [
{
"events": [
{
"introduced": "1.30.0"
},
{
"fixed": "1.30.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-5154"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-04T18:12:31Z",
"nvd_published_at": "2024-06-12T09:15:19Z",
"severity": "HIGH"
},
"details": "### Impact\nA malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.\n\nA workload built from this Dockerfile:\n```\nFROM docker.io/library/busybox as source\nRUN mkdir /extra \u0026\u0026 cd /extra \u0026\u0026 ln -s ../../../../../../../../root etc\n\nFROM scratch\n\nCOPY --from=source /bin /bin\nCOPY --from=source /lib /lib\nCOPY --from=source /extra .\n\n```\n\nand this container config:\n\n```\n{\n \"metadata\": {\n \"name\": \"busybox\"\n },\n \"image\":{\n \"image\": \"localhost/test\"\n },\n \"command\": [\n \"/bin/true\"\n ],\n \"linux\": {\n }\n}\n\n\n```\nand this sandbox config \n```\n{\n \"metadata\": {\n \"name\": \"test-sandbox\",\n \"namespace\": \"default\",\n \"attempt\": 1,\n \"uid\": \"edishd83djaideaduwk28bcsb\"\n },\n \"linux\": {\n \"security_context\": {\n \"namespace_options\": {\n \"network\": 2\n }\n }\n }\n}\n\n```\n\nwill create a file on host `/host/mtab`\n\n### Patches\n1.30.1, 1.29.5, 1.28.7\n\n### Workarounds\nUnfortunately not\n\n### References\n_Are there any links users can visit to find out more?_",
"id": "GHSA-j9hf-98c3-wrm8",
"modified": "2025-06-27T22:08:30Z",
"published": "2024-06-04T18:12:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:10818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3676"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3700"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4486"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-5154"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280190"
},
{
"type": "PACKAGE",
"url": "https://github.com/cri-o/cri-o"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-2919"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "malicious container creates symlink \"mtab\" on the host External"
}
GHSA-J9J7-WV39-5XC4
Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2023-08-08 15:31Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
{
"affected": [],
"aliases": [
"CVE-2021-44676"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.",
"id": "GHSA-j9j7-wv39-5xc4",
"modified": "2023-08-08T15:31:26Z",
"published": "2021-12-21T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44676"
},
{
"type": "WEB",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior"
},
{
"type": "WEB",
"url": "https://www.manageengine.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9RC-2HV9-V5V8
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2025-11-04 18:30In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.
{
"affected": [],
"aliases": [
"CVE-2022-37703"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-13T20:15:00Z",
"severity": "LOW"
},
"details": "In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.",
"id": "GHSA-j9rc-2hv9-v5v8",
"modified": "2025-11-04T18:30:39Z",
"published": "2022-09-14T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37703"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/870037"
},
{
"type": "WEB",
"url": "https://github.com/MaherAzzouzi/CVE-2022-37703"
},
{
"type": "WEB",
"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2"
},
{
"type": "WEB",
"url": "http://www.amanda.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JC66-9QCW-88HP
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-04-17 18:31In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: fix info leak in hid_submit_ctrl
In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes.
To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().
{
"affected": [],
"aliases": [
"CVE-2021-46906"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T18:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn\u0027t\ntake into account that report-\u003esize can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. Then, call it\nfrom hid_submit_ctrl().",
"id": "GHSA-jc66-9qcw-88hp",
"modified": "2024-04-17T18:31:31Z",
"published": "2024-02-26T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46906"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCXM-CFV5-GP8J
Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30Windows CoreMessaging Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-20694"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T18:15:52Z",
"severity": "MODERATE"
},
"details": "Windows CoreMessaging Information Disclosure Vulnerability",
"id": "GHSA-jcxm-cfv5-gp8j",
"modified": "2024-01-09T18:30:29Z",
"published": "2024-01-09T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20694"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JF2P-4GQJ-849G
Vulnerability from github – Published: 2022-11-28 22:09 – Updated: 2024-09-26 14:24Impact
On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ.
Patches
The problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes.
Workarounds
Setting java.io.tmpdir to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.
For more information
If you have any questions or comments about this advisory * Open an issue in https://github.com/joniles/mpxj
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "net.sf.mpxj:mpxj"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "net.sf.mpxj"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "net.sf.mpxj-for-csharp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "net.sf.mpxj-for-vb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.14.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "mpxj"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41954"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-28T22:09:09Z",
"nvd_published_at": "2022-11-25T19:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nOn Unix-like operating systems (not Windows or macos), MPXJ\u0027s use of `File.createTempFile(..)` results in temporary files being created with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file which requires the creation of a temporary file or directory, a knowledgeable local user could locate these transient files while they are in use and would then be able to read the schedule being processed by MPXJ.\n\n### Patches\nThe problem has been patched, MPXJ version 10.14.1 and later includes the necessary changes.\n\n### Workarounds\nSetting `java.io.tmpdir` to a directory to which only the user running the application has access will prevent other users from accessing these temporary files.\n\n### For more information\nIf you have any questions or comments about this advisory\n* Open an issue in https://github.com/joniles/mpxj\n",
"id": "GHSA-jf2p-4gqj-849g",
"modified": "2024-09-26T14:24:09Z",
"published": "2022-11-28T22:09:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/joniles/mpxj/security/advisories/GHSA-jf2p-4gqj-849g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41954"
},
{
"type": "WEB",
"url": "https://github.com/joniles/mpxj/commit/287ad0234213c52b0638565e14bd9cf3ed44cedd"
},
{
"type": "WEB",
"url": "https://github.com/joniles/mpxj/commit/ae0af24345d79ad45705265d9927fe55e94a5721"
},
{
"type": "PACKAGE",
"url": "https://github.com/joniles/mpxj"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mpxj/PYSEC-2022-42996.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Temporary File Information Disclosure vulnerability in MPXJ"
}
GHSA-JFJP-C9JG-CQCX
Vulnerability from github – Published: 2023-04-11 21:31 – Updated: 2024-04-04 03:24Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.
{
"affected": [],
"aliases": [
"CVE-2023-25409"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-11T21:15:00Z",
"severity": "HIGH"
},
"details": "Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets.",
"id": "GHSA-jfjp-c9jg-cqcx",
"modified": "2024-04-04T03:24:54Z",
"published": "2023-04-11T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25409"
},
{
"type": "WEB",
"url": "https://www.pentagrid.ch/en/blog/multiple-vulnerabilities-in-aten-PE8108-power-distribution-unit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFQG-HF23-QPW2
Vulnerability from github – Published: 2026-04-03 02:46 – Updated: 2026-04-06 23:11Impact
Apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any Node.js APIs exposed to the preload script.
Apps are only affected if a preload script returns, resolves, or passes a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps that do not bridge VideoFrame objects are not affected.
Workarounds
Do not pass VideoFrame objects across contextBridge. If an app needs to transfer video frame data, serialize it to an ArrayBuffer or ImageBitmap before bridging.
Fixed Versions
41.0.0-beta.840.7.039.8.0
For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "39.0.0-alpha.1"
},
{
"fixed": "39.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "40.0.0-alpha.1"
},
{
"fixed": "40.7.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "41.0.0-alpha.1"
},
{
"fixed": "41.0.0-beta.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34780"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T02:46:56Z",
"nvd_published_at": "2026-04-04T01:16:39Z",
"severity": "HIGH"
},
"details": "### Impact\nApps that pass `VideoFrame` objects (from the WebCodecs API) across the `contextBridge` are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged `VideoFrame` to gain access to the isolated world, including any Node.js APIs exposed to the preload script.\n\nApps are only affected if a preload script returns, resolves, or passes a `VideoFrame` object to the main world via `contextBridge.exposeInMainWorld()`. Apps that do not bridge `VideoFrame` objects are not affected.\n\n### Workarounds\nDo not pass `VideoFrame` objects across `contextBridge`. If an app needs to transfer video frame data, serialize it to an `ArrayBuffer` or `ImageBitmap` before bridging.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)",
"id": "GHSA-jfqg-hf23-qpw2",
"modified": "2026-04-06T23:11:50Z",
"published": "2026-04-03T02:46:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34780"
},
{
"type": "PACKAGE",
"url": "https://github.com/electron/electron"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Electron: Context Isolation bypass via contextBridge VideoFrame transfer"
}
GHSA-JGWP-H4GX-XM93
Vulnerability from github – Published: 2022-11-02 19:00 – Updated: 2022-11-04 19:01A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.
{
"affected": [],
"aliases": [
"CVE-2021-45446"
],
"database_specific": {
"cwe_ids": [
"CWE-281",
"CWE-548",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-02T15:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.",
"id": "GHSA-jgwp-h4gx-xm93",
"modified": "2022-11-04T19:01:17Z",
"published": "2022-11-02T19:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45446"
},
{
"type": "WEB",
"url": "https://support.pentaho.com/hc/en-us/articles/6744813983501"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.