Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-21718
HistoryMar 22, 2022 - 5:15 p.m.

CVE-2022-21718

2022-03-2217:15:07
Google
osv.dev
3
electron
vulnerability
bluetooth
web api
patch

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

50.0%

JSON

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. This has been patched and Electron versions 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.

Related

osv 1
prion 1
hackerone 1
github 1
cve 1
veracode 1
nvd 1
cvelist 1
osv
osv
Renderers can obtain access to random bluetooth device without permission in Electron
2022-03-22 18:49:36
prion
prion
Design/Logic Flaw
2022-03-22 17:15:00
hackerone
hackerone
Internet Bug Bounty: Renderers can obtain access to random bluetooth device without permission
2022-03-22 18:27:19
github
github
Renderers can obtain access to random bluetooth device without permission in Electron
2022-03-22 18:49:36
cve
cve
CVE-2022-21718
2022-03-22 17:15:07
veracode
veracode
Privilege Escalation
2022-03-23 04:19:01
nvd
nvd
CVE-2022-21718
2022-03-22 17:15:07
cvelist
cvelist
CVE-2022-21718 Renderers can obtain access to random bluetooth device without permission in Electron
2022-03-22 16:25:12

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

50.0%

JSON
Related for OSV:CVE-2022-21718
osv1prion1hackerone1github1cve1veracode1nvd1cvelist1