5 matches found
CVE-2022-29247
Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module (CVE-2022-29247, CVE-2022-36077)
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module CVE-2022-29247, CVE-2022-36077. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes electron v21.2.0 Vulnerability Details CVEID:CVE-2022-36077...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +336 more potentially affected by CVE-2022-29247 via electron (>=0.1.2 <=15.3.7)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.0, =4.0.23, =0.0.73, =3.0.0, =2.10.0, =2.18.0-dev.10 and more Source cves: CVE-2022-29247 Source advisory: OSV:GHSA-MQ8J-3H7H-P8G7...
CVE-2022-29247
CVE-2022-29247 — Electron IPC leakage via nodeIntegrationInSubFrames . The issue affects Electron versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5. A renderer with JS execution can gain access to a new renderer process when nodeIntegrationInSubFrames is enabled, which can expose access...
CVE-2022-29247 Exposure of Resource to Wrong Sphere in Electron
Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...