Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1248 vulnerabilities reference this CWE, most recent first.

GHSA-3FC3-XGJX-F77W

Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-01 00:00
VLAI
Details

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-26T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.",
  "id": "GHSA-3fc3-xgjx-f77w",
  "modified": "2022-09-01T00:00:24Z",
  "published": "2022-08-27T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/we1h0/SiteServer-CMS-Remote-download-Getshell"
    },
    {
      "type": "WEB",
      "url": "https://www.slpyue.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FQC-QP8W-RR4H

Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-10 00:00
VLAI
Details

A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-28T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.",
  "id": "GHSA-3fqc-qp8w-rr4h",
  "modified": "2022-05-10T00:00:34Z",
  "published": "2022-04-29T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22783"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FW2-3G64-5H2V

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-14 00:00
VLAI
Details

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.",
  "id": "GHSA-3fw2-3g64-5h2v",
  "modified": "2022-09-14T00:00:44Z",
  "published": "2022-09-14T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35837"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35837"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3H2X-CPJG-QQ3M

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-11T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.",
  "id": "GHSA-3h2x-cpjg-qq3m",
  "modified": "2022-05-13T01:44:34Z",
  "published": "2022-05-13T01:44:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18073"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-04-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HVJ-CH28-P4X7

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30
VLAI
Details

VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T17:16:37Z",
    "severity": "HIGH"
  },
  "details": "VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys). The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Because the allocation size is not page-aligned, the mapping exposes the entire 0x1000-byte kernel page containing the buffer plus adjacent non-paged pool allocations with read/write permissions. An unprivileged local attacker can open a device handle (using the required 0x800 attribute flag), invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers present on that page. This enables bypass of KASLR, arbitrary kernel memory read/write within the exposed page, corruption of kernel objects, and escalation to SYSTEM.",
  "id": "GHSA-3hvj-ch28-p4x7",
  "modified": "2026-01-22T18:30:41Z",
  "published": "2026-01-22T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23763"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"
    },
    {
      "type": "WEB",
      "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23763"
    },
    {
      "type": "WEB",
      "url": "https://vb-audio.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vb-audio-matrix-drivers-local-privilege-escalation-via-kernel-memory-exposure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3J7C-P7JW-Q87H

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:28
VLAI
Details

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-01T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).",
  "id": "GHSA-3j7c-p7jw-q87h",
  "modified": "2024-04-04T01:28:02Z",
  "published": "2022-05-24T16:52:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10840"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/54+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JX4-Q2M7-R496

Vulnerability from github – Published: 2026-03-04 19:21 – Updated: 2026-03-04 19:21
VLAI
Summary
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
Details

Summary

In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.

By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only apply_patch checks).

Impact

  • Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.
  • Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published version at triage time: 2026.2.24
  • Affected range: <= 2026.2.24
  • Planned patched version: 2026.2.25

Fix Commit(s)

  • 04d91d0319b82fd4de91ed05e9fc5219ff2ab64e (main)

Remediation

OpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for: - workspace-only path checks (read / write / edit) - workspace-only apply_patch read/write paths - sandbox mount-root path-safety checks

Regression tests were added for apply_patch, workspace fs tools, and sandbox fs bridge hardlink alias escapes.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-04T19:21:04Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIn certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.\n\nBy default, `tools.fs.workspaceOnly` is off. This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only `apply_patch` checks).\n\n### Impact\n- Confidentiality: out-of-workspace files could be read through in-workspace hardlink aliases.\n- Integrity: out-of-workspace files could be modified through in-workspace hardlink aliases.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published version at triage time: `2026.2.24`\n- Affected range: `\u003c= 2026.2.24`\n- Planned patched version: `2026.2.25`\n\n### Fix Commit(s)\n- `04d91d0319b82fd4de91ed05e9fc5219ff2ab64e` (main)\n\n### Remediation\nOpenClaw now rejects hardlinked final-file aliases during workspace boundary validation for:\n- workspace-only path checks (`read` / `write` / `edit`)\n- workspace-only `apply_patch` read/write paths\n- sandbox mount-root path-safety checks\n\nRegression tests were added for `apply_patch`, workspace fs tools, and sandbox fs bridge hardlink alias escapes.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-3jx4-q2m7-r496",
  "modified": "2026-03-04T19:21:04Z",
  "published": "2026-03-04T19:21:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations"
}

GHSA-3M9Q-9522-7FX6

Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00
VLAI
Details

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-12T14:15:00Z",
    "severity": "LOW"
  },
  "details": "Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.",
  "id": "GHSA-3m9q-9522-7fx6",
  "modified": "2022-07-17T00:00:45Z",
  "published": "2022-07-13T00:01:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33699"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3MP9-X5Q5-63W3

Vulnerability from github – Published: 2022-10-28 19:00 – Updated: 2022-10-28 19:00
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-28T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.",
  "id": "GHSA-3mp9-x5q5-63w3",
  "modified": "2022-10-28T19:00:30Z",
  "published": "2022-10-28T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2882"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1656722"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/371082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3P22-GHQ8-V749

Vulnerability from github – Published: 2022-03-22 18:49 – Updated: 2022-03-22 18:49
VLAI
Summary
Renderers can obtain access to random bluetooth device without permission in Electron
Details

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix: * 17.0.0-alpha.6 * 16.0.6 * 15.3.5 * 14.2.4 * 13.6.6

Workarounds

Adding this code to your app can workaround the issue.

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior
    event.preventDefault();
    // Cancel the request
    callback('');
  });
});

For more information If you have any questions or comments about this advisory, email us at security@electronjs.org.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "13.6.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.0-beta.1"
            },
            {
              "fixed": "14.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0-beta.1"
            },
            {
              "fixed": "15.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.0.0-beta.1"
            },
            {
              "fixed": "16.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 17.0.0-alpha.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "17.0.0-alpha.1"
            },
            {
              "fixed": "17.0.0-alpha.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-22T18:49:36Z",
    "nvd_published_at": "2022-03-22T17:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThis vulnerability allows renderers to obtain access to a random bluetooth device via the [web bluetooth API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API) if the app has not configured a custom `select-bluetooth-device` event handler.  The device that is accessed is random and the attacker would have no way of selecting a specific device.\n\nAll current stable versions of Electron are affected.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n* `17.0.0-alpha.6`\n* `16.0.6`\n* `15.3.5`\n* `14.2.4`\n* `13.6.6`\n\n### Workarounds\nAdding this code to your app can workaround the issue.\n\n```js\napp.on(\u0027web-contents-created\u0027, (event, webContents) =\u003e {\n  webContents.on(\u0027select-bluetooth-device\u0027, (event, devices, callback) =\u003e {\n    // Prevent default behavior\n    event.preventDefault();\n    // Cancel the request\n    callback(\u0027\u0027);\n  });\n});\n```\n\nFor more information\nIf you have any questions or comments about this advisory, email us at security@electronjs.org.",
  "id": "GHSA-3p22-ghq8-v749",
  "modified": "2022-03-22T18:49:36Z",
  "published": "2022-03-22T18:49:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21718"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/pull/32178"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/pull/32240"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/electron/electron"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Renderers can obtain access to random bluetooth device without permission in Electron"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.