4 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Input Validation due to electron (CVE-2022-29257)
Summary IBM App Connect Enterprise is vulnerable to Improper Input Validation due to electron CVE-2022-29257. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fix pack includes electron 19.0.10. Vulnerability Details CVEID:CVE-2022-29257 DESCRIPTION: Node.js...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +336 more potentially affected by CVE-2022-29257 via electron (>=0.1.2 <=15.3.7)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.0, =4.0.23, =0.0.73, =3.0.0, =2.10.0, =2.18.0-dev.10 and more Source cves: CVE-2022-29257 Source advisory: OSV:GHSA-77XC-HJV8-WW97...
CVE-2022-29257
creationtimestamp| type| source ---|---|--- 2022-06-14 02:18:21+00:00| seen| https://t.me/cibsecurity/44349...
CVE-2022-29257 Electron's AutoUpdater module fails to validate certain nested components of the bundle
Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafte...