Search criteria
60 vulnerabilities found for electron by electronjs
FKIE_CVE-2023-44402
Vulnerability from fkie_nvd - Published: 2023-12-01 22:15 - Updated: 2024-11-21 08:25
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6006372D-2948-4C30-9A18-9C5519423031",
"versionEndIncluding": "22.3.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "5FDAA109-329D-474B-9D23-8EFF99774F76",
"versionEndIncluding": "23.3.14",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2164B3AC-FCFB-4D1B-9963-8E697F2C3A42",
"versionEndIncluding": "24.8.3",
"versionStartIncluding": "24.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2A10085B-F308-4465-B350-B57CFF2664FD",
"versionEndIncluding": "25.8.1",
"versionStartIncluding": "25.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "834EBAA7-160F-48CE-889A-D0D764EB6AB8",
"versionEndIncluding": "26.2.1",
"versionStartIncluding": "26.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "6AE1C9EE-76CF-406C-96E4-3BC2F84A1CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "79F654E8-C55B-43D3-8583-7918F830934B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "39B4D77B-02AE-4ED1-BA12-F147FAAD5C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "AE44F8C9-B82B-4150-9491-AA9FDCF355F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2D68602C-470C-4278-B282-F4F992F349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "F930816D-73B0-4FF9-B7C2-E5F1C83F88E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
},
{
"lang": "es",
"value": "Electron es un framework de c\u00f3digo abierto para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Esto solo afecta a las aplicaciones que tienen habilitados los fusibles \"embeddedAsarIntegrityValidation\" y \"onlyLoadAppFromAsar\". Las aplicaciones sin estos fusibles habilitados no se ven afectadas. Este problema es espec\u00edfico de macOS, ya que actualmente estos fusibles solo son compatibles con macOS. Espec\u00edficamente, este problema solo puede explotarse si su aplicaci\u00f3n se inicia desde un sistema de archivos en el que el atacante tambi\u00e9n tiene acceso de escritura, es decir, la capacidad de editar archivos dentro del paquete `.app` en macOS contra el cual se supone que protegen estos fusibles. No existen workarounds en la aplicaci\u00f3n; debe actualizar a una versi\u00f3n parcheada de Electron."
}
],
"id": "CVE-2023-44402",
"lastModified": "2024-11-21T08:25:49.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-01T22:15:09.970",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-39956
Vulnerability from fkie_nvd - Published: 2023-09-06 21:15 - Updated: 2024-11-21 08:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "876893B6-020E-4F0C-ADA8-0AAAFDFB3922",
"versionEndExcluding": "22.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3C0714E9-9092-49C0-AD01-F56AF468BA49",
"versionEndExcluding": "23.3.13",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "95DEED4B-F4E0-486B-B46B-4397519235EC",
"versionEndExcluding": "24.7.1",
"versionStartIncluding": "24.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1BB069BB-C9A7-480C-A689-F83FC630534C",
"versionEndExcluding": "25.5.0",
"versionStartIncluding": "25.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "39BCC6D5-834D-4883-B7B8-89F7E67BC61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "EBEBCE23-C4FC-4EDC-BDC5-2FE8DB113EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "84FBB241-6F29-49FD-897B-0A0DFDF884FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "A88CA9F8-D261-4386-89FF-619F485DF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "6C56F8DA-3DF0-41F0-AA2B-A6038F0F5C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "8BA72227-F2E5-47FA-9A0E-15A7A4427633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "9EF46C92-82F7-4D80-BEA5-3E397E76EC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha8:*:*:*:node.js:*:*",
"matchCriteriaId": "82F847A9-299A-4EF8-B132-538B25B3CC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "AF7D1848-6965-4C53-8034-1927E36F51A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta10:*:*:*:node.js:*:*",
"matchCriteriaId": "513AF17A-CB29-4C15-831E-EA85A030CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta11:*:*:*:node.js:*:*",
"matchCriteriaId": "1A6182B1-2B14-4AD8-AE84-234399E57EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta12:*:*:*:node.js:*:*",
"matchCriteriaId": "25D4C39D-27FA-4463-8673-7FA542EC984F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "F204551A-6B2F-4C48-83F7-35B948B63CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "821BAF73-8B32-4659-B85D-C9E04A5E3FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "2A8A2C17-34D3-4726-A8F3-F122496AE57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "B4A630C6-9D54-4D96-9D49-D4CAAE9EA5FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "F71F0038-5C57-498D-9FFB-804975C24C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "1DA4DBAF-F34B-4788-AD0D-03A03008FB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "A6082EF5-BFE1-43EA-BCE9-A7420B50085C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta9:*:*:*:node.js:*:*",
"matchCriteriaId": "D31FA398-54AE-4162-9A0B-5CC367DBBF63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
},
{
"lang": "es",
"value": "\"Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Las aplicaciones de Electron que se inician como ejecutables de l\u00ednea de comandos se ven afectadas. Espec\u00edficamente, este problema solo puede explotarse si se cumplen las siguientes condiciones: \n1. La aplicaci\u00f3n se inicia con un directorio de trabajo controlado por el atacante y \n2. El atacante tiene la capacidad de escribir archivos en ese directorio de trabajo.\nEsto hace que el riesgo sea bastante bajo, de hecho, normalmente los problemas de este tipo se consideran fuera de nuestro modelo de amenaza, ya que son similares a Chromium y excluimos los ataques f\u00edsicamente locales, pero dada la capacidad de este problema para eludir ciertas protecciones como la Integridad ASAR, se est\u00e1 tratando con niveles m\u00e1s altos de importancia. Este problema se solucion\u00f3 en las versiones: `26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13` y `22.3.19`. No existen workarounds en la aplicaci\u00f3n, los usuarios deben actualizar a una versi\u00f3n parcheada de Electron.\""
}
],
"id": "CVE-2023-39956",
"lastModified": "2024-11-21T08:16:06.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:13.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-29198
Vulnerability from fkie_nvd - Published: 2023-09-06 21:15 - Updated: 2024-11-21 07:56
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 25.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1C14CCD1-146F-4A22-B093-C9FEC8047E91",
"versionEndExcluding": "22.3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B080AD66-1912-4AD2-BE21-B69935B4F04D",
"versionEndExcluding": "23.2.3",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "2635DE47-9315-4D0D-BA52-215D97A09BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "800543E5-0E06-4E9B-A18D-9857524244D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "47E4540B-0EAE-41B8-878F-F22C3BDF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "05448824-0FA1-41DF-938F-0FC5D82C9FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "FDB7E385-A58F-4B91-B7EE-75475D65038C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2ADACB20-163D-4BE0-AFD9-D93A5D58A910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "8EEBC95D-093C-49BE-A309-DE544BCD698C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "501BF9A9-4EC1-485F-953B-E129252FC9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8F28A9E8-D1CD-476F-9BF7-F205B1FCDBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "19F9825C-3265-411E-96E0-1C470D4F6830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "7CD55BDC-94ED-4ED8-905C-3AFBAB59AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "E65B67F6-3AA6-4E7C-9290-C71A8CCB9A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "CC14A98C-9410-42A2-A71B-DC73C3855901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "01B7E19C-F35A-4EAD-9640-926EE76E5FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "509E7716-E3DB-4ABF-820D-514DEE59F251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:25.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "4F2529F8-84AF-4F04-BD1A-3C4A2AF49B6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
},
{
"lang": "es",
"value": "Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Las aplicaciones de Electron que usan `contextIsolation` y `contextBridge` se ven afectadas. Se trata de una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto mundial principal en el renderizador puede acceder al contexto aislado de Electron y realizar acciones privilegiadas. Este problema solo se puede explotar si una API expuesta al mundo principal a trav\u00e9s de `contextBridge` puede devolver un objeto o matriz que contenga un objeto javascript que no se pueda serializar, por ejemplo, un contexto de representaci\u00f3n de lienzo. Esto normalmente dar\u00eda como resultado que se lanzara una excepci\u00f3n \"Error: el objeto no se pudo clonar\". El workaround del lado de la aplicaci\u00f3n es garantizar que tal caso no sea posible. Aseg\u00farese de que todos los valores devueltos por una funci\u00f3n expuesta a trav\u00e9s del puente de contexto sean compatibles. Este problema se solucion\u00f3 en las versiones `25.0.0-alpha.2`, `24.0.1`, `23.2.3` y `22.3.6`."
}
],
"id": "CVE-2023-29198",
"lastModified": "2024-11-21T07:56:41.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:11.560",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-23623
Vulnerability from fkie_nvd - Published: 2023-09-06 21:15 - Updated: 2024-11-21 07:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 23.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "EA67DC7F-0492-45A6-A585-C1F6BA8CB125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8313BBF8-2C7B-471E-B379-E8F587EB4F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "9B73F495-8C0E-409E-86AC-2FC1A214AA9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "77E1E30F-0BAC-409B-B2D3-FF3B1FDCFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "6C556804-A20C-4E9F-8F4D-8E824A0032D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "F0995881-8E6C-4B2C-9F3A-F10668916039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "EB9BD805-BAC9-425D-A590-28B0FB68C3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "197DA034-183C-4407-BD95-B610CBF980A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "D14A589D-E6F7-4ED7-A123-C83633AC2004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:23.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "8074214C-1787-46B6-A5CC-8DF31BC269EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
},
{
"lang": "es",
"value": "Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Una pol\u00edtica de seguridad de contenido que deshabilita la evaluaci\u00f3n, espec\u00edficamente estableciendo una directiva `script-src` y _no_ proporcionando `unsafe-eval` en esa directiva, no se respeta en los renderizadores que tienen la zona de pruebas deshabilitada. es decir, `sandbox: false` en el objeto `webPreferences`. Esto permite el uso inesperado de m\u00e9todos como `eval()` y `new Function`, lo que puede resultar en una superficie de ataque ampliada. Este problema solo afect\u00f3 a las versiones principales 22 y 23 de Electron y se solucion\u00f3 en las \u00faltimas versiones de esas l\u00edneas de lanzamiento. Espec\u00edficamente, estas versiones contienen las correcciones: 22.0.1 y 23.0.0-alpha.2. Recomendamos que todas las aplicaciones actualicen a la \u00faltima versi\u00f3n estable de Electron. Si no es posible realizar la actualizaci\u00f3n, este problema se puede solucionar sin realizar la actualizaci\u00f3n habilitando `sandbox: true` en todos los renderizadores.\n"
}
],
"id": "CVE-2023-23623",
"lastModified": "2024-11-21T07:46:33.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:08.977",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36077
Vulnerability from fkie_nvd - Published: 2022-11-08 07:15 - Updated: 2024-11-21 07:12
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "138970C1-2C17-4B01-A90B-F9EE5A424B82",
"versionEndExcluding": "18.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "4E2B9D0E-3F68-446E-BFB5-4D17045C741D",
"versionEndExcluding": "19.0.11",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A1B82270-2ECF-412D-B346-BA918EE4D690",
"versionEndExcluding": "20.0.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "4CDC3C50-9ECE-4908-8A40-892BDE3A6D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "276FABBA-8CF8-4F24-B564-E2B92313BEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "DC332397-0312-4810-B793-5596CFA9CCF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "54A98448-0E15-4B53-8ABE-08FFA1421920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "46BFC0D2-1409-4FB3-8762-8250DC0D6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "BCE9B3DE-2959-4BC5-81D4-8ACC7C974D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "77D8118B-0A0C-467A-B60A-29F1C9C1B964",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
},
{
"lang": "es",
"value": "El framework Electron permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. En versiones anteriores a 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7, Electron es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial. Al seguir una redirecci\u00f3n, Electron retrasa la verificaci\u00f3n de la redirecci\u00f3n a file:// URL desde otros esquemas. El contenido del archivo no est\u00e1 disponible para el renderizador despu\u00e9s de la redirecci\u00f3n, pero si el destino de la redirecci\u00f3n es una URL SMB como `file://some.website.com/`, en algunos casos, Windows se conectar\u00e1 a ese servidor e intente la autenticaci\u00f3n NTLM, que puede incluir el env\u00edo de credenciales hash. Este problema se solucion\u00f3 en las versiones: 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7. Se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n estable de Electron. Si no es posible realizar la actualizaci\u00f3n, este problema se puede solucionar sin realizar la actualizaci\u00f3n evitando las redirecciones a las URL file:// en el evento `WebContents.on(\u0027will-redirect\u0027)`, para todos los WebContents como workaround alternativo."
}
],
"id": "CVE-2022-36077",
"lastModified": "2024-11-21T07:12:19.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-08T07:15:09.347",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-29257
Vulnerability from fkie_nvd - Published: 2022-06-13 22:15 - Updated: 2024-11-21 06:58
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8B47CB-180C-4491-89D5-7682B45C06FF",
"versionEndExcluding": "15.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B9A5F4-98BD-4C71-8971-7A2ED187B155",
"versionEndExcluding": "16.2.0",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4978EA-362E-46C8-A56B-4F4B47237C05",
"versionEndExcluding": "17.2.0",
"versionStartIncluding": "17.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DCBD6783-12BE-4D63-B403-188943FB4F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "989D1505-66D5-4855-A8FA-58F9566FF7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E6C15DE2-CA55-4A42-8D64-C44068B24B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2A4E764B-39E3-4C93-8F7F-1ACFA66FA51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "B67FFDE1-21D0-412E-95FB-D86A350EC9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04F71865-1B3E-4882-B316-87AEAEB84A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "CF914799-7DA1-4B93-9445-1DFCD72D6A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "3DE7DE50-D9B1-48D9-A8F8-2DF34B80BC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "2E8C22CB-3247-47F9-8E54-F694437090ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2C8C94BE-5D08-4563-AF15-5FC06BB679AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "987FAB5C-E1EC-4831-9AA0-FAD35A376584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FAF77E7D-D445-480D-BEBF-A071B58475C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "570418D1-09E9-4A39-8F19-D4ABC1788983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4D0F4031-84D6-4E8D-AED5-D8C1E5ED3CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "F2B316FE-6214-46FA-88FF-F684DD3D53C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "D8FA77A9-A4AF-404A-B144-97A3CE679444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6A9DB6A0-6C09-44F9-A76B-7600E9B44CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "470F4DB3-4AB0-402F-A18C-22A430993F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "11BEDA0E-71FE-4D37-B06F-FA4B281CD970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "05B3D931-5802-471E-AE40-9282CC03E4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "56721A2E-45B2-4D19-B25D-DD8628185B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "577CBB14-4AEF-4CF2-B203-88055A68810D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "16A23DCC-2355-4431-A452-40BC95D3164E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5, permite a atacantes que presentan el control de un determinado servidor de actualizaci\u00f3n de aplicaciones / almacenamiento de actualizaciones servir paquetes de actualizaci\u00f3n maliciosamente dise\u00f1ados que pasan la comprobaci\u00f3n de comprobaci\u00f3n de la firma de c\u00f3digo pero que contienen c\u00f3digo malicioso en algunos componentes. Este tipo de ataque requerir\u00eda privilegios significativos en la propia infraestructura de actualizaci\u00f3n autom\u00e1tica de una v\u00edctima potencial y la facilidad de ese ataque depende totalmente de la seguridad de la infraestructura de la v\u00edctima potencial. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una correcci\u00f3n para este problema. No se presentan mitigaciones conocidas"
}
],
"id": "CVE-2022-29257",
"lastModified": "2024-11-21T06:58:49.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T22:15:08.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-29247
Vulnerability from fkie_nvd - Published: 2022-06-13 21:15 - Updated: 2024-11-21 06:58
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3846F-57BE-4ABE-A656-CA28FD62BA62",
"versionEndExcluding": "15.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3F2F40-BD84-4541-B5B3-5DC5DC3AEC24",
"versionEndExcluding": "16.2.6",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4978EA-362E-46C8-A56B-4F4B47237C05",
"versionEndExcluding": "17.2.0",
"versionStartIncluding": "17.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DCBD6783-12BE-4D63-B403-188943FB4F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "989D1505-66D5-4855-A8FA-58F9566FF7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E6C15DE2-CA55-4A42-8D64-C44068B24B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2A4E764B-39E3-4C93-8F7F-1ACFA66FA51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "B67FFDE1-21D0-412E-95FB-D86A350EC9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04F71865-1B3E-4882-B316-87AEAEB84A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "CF914799-7DA1-4B93-9445-1DFCD72D6A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "3DE7DE50-D9B1-48D9-A8F8-2DF34B80BC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "2E8C22CB-3247-47F9-8E54-F694437090ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2C8C94BE-5D08-4563-AF15-5FC06BB679AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "987FAB5C-E1EC-4831-9AA0-FAD35A376584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FAF77E7D-D445-480D-BEBF-A071B58475C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "570418D1-09E9-4A39-8F19-D4ABC1788983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4D0F4031-84D6-4E8D-AED5-D8C1E5ED3CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "F2B316FE-6214-46FA-88FF-F684DD3D53C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "D8FA77A9-A4AF-404A-B144-97A3CE679444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6A9DB6A0-6C09-44F9-A76B-7600E9B44CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "470F4DB3-4AB0-402F-A18C-22A430993F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "11BEDA0E-71FE-4D37-B06F-FA4B281CD970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "05B3D931-5802-471E-AE40-9282CC03E4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "56721A2E-45B2-4D19-B25D-DD8628185B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "577CBB14-4AEF-4CF2-B203-88055A68810D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "16A23DCC-2355-4431-A452-40BC95D3164E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en las versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 permite que un renderizador con ejecuci\u00f3n de JS obtenga acceso a un nuevo proceso de renderizaci\u00f3n con \"nodeIntegrationInSubFrames\" habilitado, lo que a su vez permite el acceso efectivo a \"ipcRenderer\". La opci\u00f3n \"nodeIntegrationInSubFrames\" no concede impl\u00edcitamente el acceso a Node.js. M\u00e1s bien, depende de la configuraci\u00f3n del sandbox existente. Si una aplicaci\u00f3n est\u00e1 en sandbox, entonces \"nodeIntegrationInSubFrames\" s\u00f3lo da acceso a las APIs del renderizador en sandbox, que incluyen \"ipcRenderer\". Si la aplicaci\u00f3n expone adicionalmente mensajes IPC sin la comprobaci\u00f3n de IPC \"senderFrame\" que llevan a cabo acciones privilegiadas o devuelven datos confidenciales este acceso a \"ipcRenderer\" puede a su vez comprometer su aplicaci\u00f3n / usuario incluso con el sandbox habilitado. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una correcci\u00f3n para este problema. Como soluci\u00f3n, aseg\u00farese de que todos los manejadores de mensajes IPC comprueban apropiadamente \"senderFrame\""
}
],
"id": "CVE-2022-29247",
"lastModified": "2024-11-21T06:58:48.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:07.763",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21718
Vulnerability from fkie_nvd - Published: 2022-03-22 17:15 - Updated: 2024-11-21 06:45
Severity ?
3.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/pull/32178 | Issue Tracking, Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/pull/32240 | Issue Tracking, Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/32178 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/32240 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749 | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4548B4FE-05C7-4B38-9BD9-F687DBFC0393",
"versionEndExcluding": "13.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A99CE214-CE9E-4241-B883-7201A737D111",
"versionEndExcluding": "14.2.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "619E557E-1349-4591-B668-A50BF968C28A",
"versionEndExcluding": "15.3.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B857C2-D1BD-4605-ABE1-497BDD5A4825",
"versionEndExcluding": "16.0.6",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "75600E5E-B4CB-4924-9CFD-E2877FFCCB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "AB42380B-2AE9-481E-BF57-1014E613D7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "4F76DDDC-1924-45C6-AB59-BD7BEA604098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "9C58C2CC-E9C0-4751-8254-41CFCDD24982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "E72DDD37-90EF-4517-8AEF-C3B584269C62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS. Una vulnerabilidad en las versiones anteriores a \"17.0.0-alpha.6\", \"16.0.6\", \"15.3.5\", \"14.2.4\" y \"13.6.6\" permite a renderizadores obtener acceso a un dispositivo bluetooth por medio de la API bluetooth de la web si la aplicaci\u00f3n no ha configurado un controlador de eventos personalizado \"select-bluetooth-device\". Esto ha sido parcheado y las versiones de Electron \"17.0.0-alpha.6\", \"16.0.6\", \"15.3.5\", \"14.2.4\" y \"13.6.6\" contienen la correcci\u00f3n. El c\u00f3digo del aviso de seguridad de GitHub puede a\u00f1adirse a la aplicaci\u00f3n para mitigar el problema"
}
],
"id": "CVE-2022-21718",
"lastModified": "2024-11-21T06:45:17.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-22T17:15:07.810",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32240"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39184
Vulnerability from fkie_nvd - Published: 2021-10-12 19:15 - Updated: 2024-11-21 06:18
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/pull/30728 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/30728 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4 | Mitigation, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED24D03-59B2-4E91-B807-7BD1B09D8389",
"versionEndExcluding": "11.5.0",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE5DF76-68D8-4E5F-8916-6F3F7140E7EE",
"versionEndExcluding": "12.1.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56BC24C9-C297-4D02-8601-B8F37449350B",
"versionEndExcluding": "13.3.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3152223A-E182-45F8-87EC-264B2DDD4B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D2007F6E-ECCB-4A7B-A4B6-24104A8D8AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "7134F6E7-427F-4187-B94B-1B1C1B1FE73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "82F84AAE-AD55-4565-9D41-DCAFCAA5D0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D63A3C29-E6F0-41A3-838F-F7BFA893CF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "4DD814A9-5A50-49EF-9053-B36B127D7AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "E0B813DB-A89D-48AD-A3F0-3D68AB7A087F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "C192B552-BE06-480C-86A7-59CC2291EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "CFDC76F2-A8CA-4063-A8DA-F63C04D70760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "98A43F4A-ED19-47D4-B4F9-7BC769E2F7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "DDB7F3FF-CDFF-4E23-B2D1-EF0AC8C75D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "430C057D-8574-44DB-B8A4-8ECD9BBA6B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "2CF66D1F-77B6-4A5E-AD93-921FF2FC3309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "871B25E4-F705-491D-842E-3D79B9351DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "2A59303D-7105-44E5-A91F-CBEF2F672F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "B2E8CF66-C123-4A63-BE8D-90321FF8A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "FEE680F3-CB4A-4298-A4B1-FDDE6BAB0896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "65DE71FB-0390-4D80-982E-D8709CD73573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0CF035B4-FEF5-4D53-B975-CAF66ACA1860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "88607FE5-5E91-4CD9-831A-2C353779BA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DAE6B51E-F47B-48F5-8249-C958E85AE708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "65B43BEC-8941-4587-A7AA-000456568E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "69CBF166-FF15-4E1C-83C1-207C1F67A7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "0817340D-82C9-4D79-9FF3-36F13260542D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F20755C8-D323-4CF8-ACA0-199081610342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "FD9A6155-8B6B-4C1B-80CB-A26779559AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "F84883AD-A2C0-4075-BDB7-AAB8307DC099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "028E4C03-4A98-4311-8A19-825035C8EB14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "78FAAB9C-73D0-4DBC-B78F-293D75FDFC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "9709716E-896F-430E-9C5F-F898B46256E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "669329B9-EA55-4FEC-8543-A8FA1C0733BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "99904BC0-56A9-405C-A4C3-BCE30B840DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "755AE879-ACB3-450A-85B4-095E93CCF77A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "37428807-70D6-496C-82A0-2084F2BC2D51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
},
{
"lang": "es",
"value": "Electron es un framework para escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS. Una vulnerabilidad en las versiones anteriores a 11.5.0, 12.1.0 y 13.3.0, permite que un renderizador en sandbox requiera una imagen \"thumbnail\" de un archivo arbitrario en el sistema del usuario. La miniatura puede incluir potencialmente partes significativas del archivo original, incluyendo datos textuales en muchos casos. Las versiones 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0 y 11.5.0, contienen una correcci\u00f3n de la vulnerabilidad. Se presentan dos soluciones disponibles aparte de la actualizaci\u00f3n. Uno puede hacer que la vulnerabilidad sea significativamente m\u00e1s dif\u00edcil de explotar para un atacante al habilitar \"contextIsolation\" en la propia aplicaci\u00f3n. Tambi\u00e9n es posible deshabilitar la funcionalidad de la API \"createThumbnailFromPath\" si no es necesaria"
}
],
"id": "CVE-2021-39184",
"lastModified": "2024-11-21T06:18:49.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T19:15:07.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/30728"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/30728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26272
Vulnerability from fkie_nvd - Published: 2021-01-28 19:15 - Updated: 2025-05-27 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8DEA8B-C7B1-4255-8EB4-60EF9660CB6C",
"versionEndExcluding": "9.4.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDE1D62-9F3E-41E3-8C5D-C5A200A280A4",
"versionEndExcluding": "10.2.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01855BDD-98F7-4577-AA6D-B1776EAF9AA5",
"versionEndExcluding": "11.1.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B8453EF9-E063-4398-A637-E70AEA0FC4D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "3FFBA70C-CEBE-425D-ABF7-4FF070BE1DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "A66951CF-8088-4A74-9E40-1145B3695C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "C4A7E569-0B63-4458-93A9-DC1BF3F708C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FA231DB9-14E3-4BF4-88B6-3AE122993CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D3101022-9B4D-4ABC-8D9A-1B8C74265567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "CB419AE9-5DFA-41D9-AB2C-C3CF18F1F08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "94A9223E-5B13-4A02-B16D-B6C7612745A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "BD90D1EB-DE25-4333-9029-CA8908271264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "3DED187D-2AE5-491C-94DE-5C44616DFE12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "980768C9-026E-4E03-AFE9-17C53B94D8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "75049DEC-3563-47AA-9D2A-90C4879D2B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "C5643422-9C2C-4493-A9F1-370945A817C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "3108EE52-D993-4CDC-9BD3-2C206F49F61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "3B194A32-4E7C-49E8-8C01-929FA26F7DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "0E07C2F2-1219-45BD-89B6-FB41D4A418F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "E44904CE-4107-44E0-8EEC-212B2F5CE561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "E88A6487-3293-4C46-BE5E-03BA641E0238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "A50A9FEF-50D9-4A6E-A232-6F652D606A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "EB9F6591-69DB-4777-9BB8-80E2EB7692BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C4948E6E-916D-48BE-B238-95936BED449B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B6CCA15C-7957-4220-A3AB-085D503FF0C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7FA70916-C875-466C-8FDE-21E2464E6780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7EDDB343-462D-4459-8F91-AF746399017D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9A030AF7-8CEB-4C9B-AF89-08B30510813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6F63EB74-D040-4965-8987-6550559A9A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "66D5722B-D0DD-439D-B3F8-F5810B26F5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "72ED1AF8-FB97-4B42-BB4D-43294E5D3B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6C743A41-E619-402A-AEDA-2994DC69B3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "103E66D7-6EF4-4E5E-BFAD-9F223E2F10A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "El framework Electron le permite escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS.\u0026#xa0;En las versiones afectadas de Electron IPC, los mensajes enviados desde el proceso principal a una subtrama en el proceso de renderizado, por medio de webContents.sendToFrame, event.reply o cuando se usa el m\u00f3dulo remoto, en algunos casos pueden enviarse a la trama incorrecta.\u0026#xa0;Si su aplicaci\u00f3n usa remoto, llama a webContents.sendToFrame, o llama a event.reply en un manejador de mensajes de IPC, entonces se ve afectado por este problema.\u0026#xa0;Esto se ha corregido en las versiones 9.4.0, 10.2.0, 11.1.0 y 12.0.0-beta.9.\u0026#xa0;No existen soluciones para este problema"
}
],
"id": "CVE-2020-26272",
"lastModified": "2025-05-27T16:15:21.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T19:15:13.003",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2023-44402 (GCVE-0-2023-44402)
Vulnerability from cvelistv5 – Published: 2023-12-01 21:45 – Updated: 2024-08-02 20:07
VLAI?
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.
Severity ?
6.1 (Medium)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.24"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c= 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0-alpha.1, \u003c 24.8.3"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.8.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-alpha.1, \u003c 26.2.1"
},
{
"status": "affected",
"version": "\u003e= 27.0.0-alpha.1, \u003c 27.0.0-alpha.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-01T21:45:18.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"source": {
"advisory": "GHSA-7m48-wc93-9g85",
"discovery": "UNKNOWN"
},
"title": "ASAR Integrity bypass via filetype confusion in electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44402",
"datePublished": "2023-12-01T21:45:18.379Z",
"dateReserved": "2023-09-28T17:56:32.615Z",
"dateUpdated": "2024-08-02T20:07:33.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23623 (GCVE-0-2023-23623)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:16 – Updated: 2024-09-26 17:48
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
Severity ?
7.5 (High)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "electron",
"vendor": "atom",
"versions": [
{
"lessThan": "22.0.1",
"status": "affected",
"version": "22.0.0_beta.1",
"versionType": "custom"
},
{
"lessThan": "23.0.0_alpha.2",
"status": "affected",
"version": "23.0.0_alpha.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:45:10.379594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:48:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-beta.1, \u003c 22.0.1"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c 23.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:16:10.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"source": {
"advisory": "GHSA-gxh7-wv9q-fwfr",
"discovery": "UNKNOWN"
},
"title": "Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23623",
"datePublished": "2023-09-06T20:16:10.381Z",
"dateReserved": "2023-01-16T17:07:46.243Z",
"dateUpdated": "2024-09-26T17:48:22.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29198 (GCVE-0-2023-29198)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:13 – Updated: 2024-09-26 15:12
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
Severity ?
6 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:07.613258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:12:58.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.6"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.2.3"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.0.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:13:56.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"source": {
"advisory": "GHSA-p7v2-p9m8-qqg7",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via nested unserializable return value in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29198",
"datePublished": "2023-09-06T20:13:56.313Z",
"dateReserved": "2023-04-03T13:37:18.454Z",
"dateUpdated": "2024-09-26T15:12:58.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39956 (GCVE-0-2023-39956)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:09 – Updated: 2024-09-26 15:17
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
Severity ?
6.1 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:20.784199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:17:59.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.19"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.7.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.4.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-beta.1, \u003c 26.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:09:33.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"source": {
"advisory": "GHSA-7x97-j373-85x5",
"discovery": "UNKNOWN"
},
"title": "Electron: Out-of-package code execution when launched with arbitrary cwd"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39956",
"datePublished": "2023-09-06T20:09:33.185Z",
"dateReserved": "2023-08-07T16:27:27.075Z",
"dateUpdated": "2024-09-26T15:17:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36077 (GCVE-0-2022-36077)
Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-04-23 16:40
VLAI?
Summary
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
Severity ?
7.2 (High)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:23.434463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:40:13.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= v21.0.0-nightly.20220526, \u003c 21.0.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-beta.1, \u003c 20.0.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-beta.1, \u003c 19.0.11"
},
{
"status": "affected",
"version": "\u003c 18.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"source": {
"advisory": "GHSA-p2jh-44qj-pf2v",
"discovery": "UNKNOWN"
},
"title": "Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36077",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:40:13.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29257 (GCVE-0-2022-29257)
Vulnerability from cvelistv5 – Published: 2022-06-13 21:25 – Updated: 2025-04-23 18:16
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
Severity ?
6.6 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:52:31.484526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:16:23.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:25:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
},
"title": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29257",
"STATE": "PUBLIC",
"TITLE": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
]
},
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29257",
"datePublished": "2022-06-13T21:25:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:16:23.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29247 (GCVE-0-2022-29247)
Vulnerability from cvelistv5 – Published: 2022-06-13 21:05 – Updated: 2025-04-23 18:16
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:29.437546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:16:29.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
},
"title": "Exposure of Resource to Wrong Sphere in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29247",
"STATE": "PUBLIC",
"TITLE": "Exposure of Resource to Wrong Sphere in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
]
},
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29247",
"datePublished": "2022-06-13T21:05:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:16:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21718 (GCVE-0-2022-21718)
Vulnerability from cvelistv5 – Published: 2022-03-22 16:25 – Updated: 2025-04-23 18:45
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:35.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:46.712540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:45:03.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 13.6.6"
},
{
"status": "affected",
"version": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"status": "affected",
"version": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-22T16:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
},
"title": "Renderers can obtain access to random bluetooth device without permission in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21718",
"STATE": "PUBLIC",
"TITLE": "Renderers can obtain access to random bluetooth device without permission in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 13.6.6"
},
{
"version_value": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"version_value": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"version_value": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"name": "https://github.com/electron/electron/pull/32178",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32178"
},
{
"name": "https://github.com/electron/electron/pull/32240",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32240"
}
]
},
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21718",
"datePublished": "2022-03-22T16:25:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:45:03.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39184 (GCVE-0-2021-39184)
Vulnerability from cvelistv5 – Published: 2021-10-12 19:05 – Updated: 2024-08-04 01:58
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
Severity ?
6.8 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5.0"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T19:05:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
},
"title": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39184",
"STATE": "PUBLIC",
"TITLE": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5.0"
},
{
"version_value": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"version_value": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"name": "https://github.com/electron/electron/pull/30728",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/30728"
}
]
},
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39184",
"datePublished": "2021-10-12T19:05:11",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26272 (GCVE-0-2020-26272)
Vulnerability from cvelistv5 – Published: 2021-01-28 18:25 – Updated: 2025-05-27 15:20
VLAI?
Summary
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.
Severity ?
5.4 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 9.4.0"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.2.0"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:20:11.927Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"name": "https://github.com/electron/electron/pull/26875",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"name": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"
},
{
"name": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"
},
{
"name": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"
},
{
"name": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"
},
{
"name": "https://github.com/electron/electron/releases/tag/v9.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"name": "https://www.electronjs.org/releases/stable?version=9#9.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"source": {
"advisory": "GHSA-hvf8-h2qh-37m9",
"discovery": "UNKNOWN"
},
"title": "Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26272",
"datePublished": "2021-01-28T18:25:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2025-05-27T15:20:11.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44402 (GCVE-0-2023-44402)
Vulnerability from nvd – Published: 2023-12-01 21:45 – Updated: 2024-08-02 20:07
VLAI?
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.
Severity ?
6.1 (Medium)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.24"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c= 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0-alpha.1, \u003c 24.8.3"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.8.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-alpha.1, \u003c 26.2.1"
},
{
"status": "affected",
"version": "\u003e= 27.0.0-alpha.1, \u003c 27.0.0-alpha.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-01T21:45:18.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"source": {
"advisory": "GHSA-7m48-wc93-9g85",
"discovery": "UNKNOWN"
},
"title": "ASAR Integrity bypass via filetype confusion in electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44402",
"datePublished": "2023-12-01T21:45:18.379Z",
"dateReserved": "2023-09-28T17:56:32.615Z",
"dateUpdated": "2024-08-02T20:07:33.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23623 (GCVE-0-2023-23623)
Vulnerability from nvd – Published: 2023-09-06 20:16 – Updated: 2024-09-26 17:48
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
Severity ?
7.5 (High)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "electron",
"vendor": "atom",
"versions": [
{
"lessThan": "22.0.1",
"status": "affected",
"version": "22.0.0_beta.1",
"versionType": "custom"
},
{
"lessThan": "23.0.0_alpha.2",
"status": "affected",
"version": "23.0.0_alpha.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:45:10.379594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:48:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-beta.1, \u003c 22.0.1"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c 23.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:16:10.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"source": {
"advisory": "GHSA-gxh7-wv9q-fwfr",
"discovery": "UNKNOWN"
},
"title": "Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23623",
"datePublished": "2023-09-06T20:16:10.381Z",
"dateReserved": "2023-01-16T17:07:46.243Z",
"dateUpdated": "2024-09-26T17:48:22.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29198 (GCVE-0-2023-29198)
Vulnerability from nvd – Published: 2023-09-06 20:13 – Updated: 2024-09-26 15:12
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
Severity ?
6 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:07.613258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:12:58.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.6"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.2.3"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.0.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:13:56.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"source": {
"advisory": "GHSA-p7v2-p9m8-qqg7",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via nested unserializable return value in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29198",
"datePublished": "2023-09-06T20:13:56.313Z",
"dateReserved": "2023-04-03T13:37:18.454Z",
"dateUpdated": "2024-09-26T15:12:58.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39956 (GCVE-0-2023-39956)
Vulnerability from nvd – Published: 2023-09-06 20:09 – Updated: 2024-09-26 15:17
VLAI?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
Severity ?
6.1 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:20.784199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:17:59.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.19"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.7.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.4.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-beta.1, \u003c 26.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:09:33.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"source": {
"advisory": "GHSA-7x97-j373-85x5",
"discovery": "UNKNOWN"
},
"title": "Electron: Out-of-package code execution when launched with arbitrary cwd"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39956",
"datePublished": "2023-09-06T20:09:33.185Z",
"dateReserved": "2023-08-07T16:27:27.075Z",
"dateUpdated": "2024-09-26T15:17:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36077 (GCVE-0-2022-36077)
Vulnerability from nvd – Published: 2022-11-08 00:00 – Updated: 2025-04-23 16:40
VLAI?
Summary
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
Severity ?
7.2 (High)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:23.434463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:40:13.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= v21.0.0-nightly.20220526, \u003c 21.0.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-beta.1, \u003c 20.0.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-beta.1, \u003c 19.0.11"
},
{
"status": "affected",
"version": "\u003c 18.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"source": {
"advisory": "GHSA-p2jh-44qj-pf2v",
"discovery": "UNKNOWN"
},
"title": "Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36077",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:40:13.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29257 (GCVE-0-2022-29257)
Vulnerability from nvd – Published: 2022-06-13 21:25 – Updated: 2025-04-23 18:16
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
Severity ?
6.6 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:52:31.484526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:16:23.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:25:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
},
"title": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29257",
"STATE": "PUBLIC",
"TITLE": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
]
},
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29257",
"datePublished": "2022-06-13T21:25:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:16:23.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29247 (GCVE-0-2022-29247)
Vulnerability from nvd – Published: 2022-06-13 21:05 – Updated: 2025-04-23 18:16
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:29.437546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:16:29.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
},
"title": "Exposure of Resource to Wrong Sphere in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29247",
"STATE": "PUBLIC",
"TITLE": "Exposure of Resource to Wrong Sphere in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
]
},
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29247",
"datePublished": "2022-06-13T21:05:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:16:29.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21718 (GCVE-0-2022-21718)
Vulnerability from nvd – Published: 2022-03-22 16:25 – Updated: 2025-04-23 18:45
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:35.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:46.712540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:45:03.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 13.6.6"
},
{
"status": "affected",
"version": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"status": "affected",
"version": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-22T16:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
},
"title": "Renderers can obtain access to random bluetooth device without permission in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21718",
"STATE": "PUBLIC",
"TITLE": "Renderers can obtain access to random bluetooth device without permission in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 13.6.6"
},
{
"version_value": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"version_value": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"version_value": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"name": "https://github.com/electron/electron/pull/32178",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32178"
},
{
"name": "https://github.com/electron/electron/pull/32240",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32240"
}
]
},
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21718",
"datePublished": "2022-03-22T16:25:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:45:03.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39184 (GCVE-0-2021-39184)
Vulnerability from nvd – Published: 2021-10-12 19:05 – Updated: 2024-08-04 01:58
VLAI?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
Severity ?
6.8 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5.0"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T19:05:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
},
"title": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39184",
"STATE": "PUBLIC",
"TITLE": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5.0"
},
{
"version_value": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"version_value": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"name": "https://github.com/electron/electron/pull/30728",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/30728"
}
]
},
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39184",
"datePublished": "2021-10-12T19:05:11",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26272 (GCVE-0-2020-26272)
Vulnerability from nvd – Published: 2021-01-28 18:25 – Updated: 2025-05-27 15:20
VLAI?
Summary
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.
Severity ?
5.4 (Medium)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 9.4.0"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.2.0"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:20:11.927Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"name": "https://github.com/electron/electron/pull/26875",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"name": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"
},
{
"name": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"
},
{
"name": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"
},
{
"name": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"
},
{
"name": "https://github.com/electron/electron/releases/tag/v9.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"name": "https://www.electronjs.org/releases/stable?version=9#9.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"source": {
"advisory": "GHSA-hvf8-h2qh-37m9",
"discovery": "UNKNOWN"
},
"title": "Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26272",
"datePublished": "2021-01-28T18:25:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2025-05-27T15:20:11.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}