Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.6 views

CVE-2022-29247

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

9.8CVSS6.7AI score0.00976EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 9:16 a.m.108 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module (CVE-2022-29247, CVE-2022-36077)

Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module CVE-2022-29247, CVE-2022-36077. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes electron v21.2.0 Vulnerability Details CVEID:CVE-2022-36077...

9.8CVSS5.3AI score0.00976EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/06/16 11:14 p.m.4 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +336 more potentially affected by CVE-2022-29247 via electron (>=0.1.2 <=15.3.7)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.0, =4.0.23, =0.0.73, =3.0.0, =2.10.0, =2.18.0-dev.10 and more Source cves: CVE-2022-29247 Source advisory: OSV:GHSA-MQ8J-3H7H-P8G7...

9.8CVSS7.2AI score0.00976EPSS
Exploits0
CVE
CVE
added 2022/06/13 9:5 p.m.499 views

CVE-2022-29247

CVE-2022-29247 — Electron IPC leakage via nodeIntegrationInSubFrames . The issue affects Electron versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5. A renderer with JS execution can gain access to a new renderer process when nodeIntegrationInSubFrames is enabled, which can expose access...

9.8CVSS6.5AI score0.00976EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/13 9:5 p.m.7 views

CVE-2022-29247 Exposure of Resource to Wrong Sphere in Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

2.2CVSS9.4AI score0.00976EPSS
Exploits0References1
Rows per page
Query Builder