CVE-2021-39184

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...

SUSE CVE-2021-39184

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...

Electron 安全漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron that allows a...

Slack: Unauthenticated Access to some old file thumbnails

File thumbnails which were uploaded before the implementation of auth checks do not have those checks retroactively applied. However, their URLs contain a secret which prevents guessing or brute-forcing of their location. Well, since you hid all the details which is why I requested disclosure in...