6 matches found

Github Security Blog
added 2026/04/03 2:36 a.m. · 4 views

Electron: USB device selection not validated against filtered device list

Impact The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...

CVSS 5.4 · AI score 5.9 · EPSS 0.00009
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/22 1:18 a.m. · 4 views

CVE-2017-1000424

GitHub Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in loading arbitrary PDFs that a hacker can control...

CVSS 4.3 · AI score 6.9 · EPSS 0.00273
Exploits 0 · References 1
Positive Technologies
added 2022/03/22 12:0 a.m. · 2 views

PT-2022-15061 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 17.0.0-alpha.6; Electron versions prior to 16.0.6; Electron versions prior to 15.3.5; Electron versions prior to 14.2.4; Electron versions prior to 13.6.6. Description: A vulnerability in Electron allows renderers to...

CVSS 5 · AI score 5 · EPSS 0.00848
Exploits 0 · References 8
OSV
added 2022/03/03 12:42 p.m. · 7 views

OPENSUSE-SU-2022:0070-1 Security update for nodejs-electron

This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers...

CVSS 9.6 · AI score 7.4 · EPSS 0.83785
Exploits 7 · References 19
OSV
added 2020/10/06 5:46 p.m. · 0 views

GHSA-56PC-6JQP-XQJ8 Context isolation bypass in Electron

Impact Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context an...

CVSS 5.6 · AI score 5.9 · EPSS 0.00282
Exploits 0 · References 2
vulnersOsv
added 2018/01/23 3:57 a.m. · 1 views

alertminer-alpha (=1.0.0), electron-prebuilt-compile (>=1.7.0 <=1.7.1) +2 more potentially affected by CVE-2018-1000006 via electron (>=1.7.0 <=1.7.10)

electron NPM version =1.7.0, =1.7.0, =1.0.0, =1.0.1 Source cves: CVE-2018-1000006 Source advisory: OSV:GHSA-W222-53C6-C86P...

CVSS 9.3 · AI score 7.4 · EPSS 0.92322
Exploits 31