Electron@* Security Vulnerabilities and Issues — Electron@* CVE List

Lucene search

ElectronjsElectron*

8 matches found

CVE•added 2023/09/06 9:15 p.m.•2573 views

CVE-2023-29198

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach int...

8.5CVSS6.9AI score0.00148EPSS

CVE•added 2022/06/13 9:15 p.m.•485 views

CVE-2022-29247

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

9.8CVSS6.5AI score0.00388EPSS

CVE•added 2023/09/06 9:15 p.m.•447 views

CVE-2023-39956

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with a...

6.6CVSS6.7AI score0.00027EPSS

CVE•added 2022/03/22 5:15 p.m.•115 views

CVE-2022-21718

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not config...

5CVSS4.4AI score0.00935EPSS

CVE•added 2022/06/13 10:15 p.m.•76 views

CVE-2022-29257

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafte...

7.2CVSS6.7AI score0.00413EPSS

CVE•added 2022/11/08 7:15 a.m.•58 views

CVE-2022-36077

The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting...

7.2CVSS6.2AI score0.00092EPSS

CVE•added 2020/07/07 12:15 a.m.•47 views

CVE-2020-15096

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There ...

6.8CVSS6.4AI score0.00237EPSS

CVE•added 2018/06/07 2:29 a.m.•43 views

CVE-2017-16151

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled...

9.8CVSS9.6AI score0.02845EPSS