Electron Security Vulnerabilities and Issues — Electron CVE List

Lucene search

ElectronjsElectron

4 matches found

CVE•added 2023/09/06 9:15 p.m.•2569 views

CVE-2023-29198

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach int...

8.5CVSS6.9AI score0.00148EPSS

CVE•added 2023/09/06 9:15 p.m.•446 views

CVE-2023-39956

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with a...

6.6CVSS6.7AI score0.00027EPSS

CVE•added 2023/09/06 9:15 p.m.•119 views

CVE-2023-23623

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandbox...

9.8CVSS8.7AI score0.00501EPSS

CVE•added 2023/12/01 10:15 p.m.•38 views

CVE-2023-44402

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific ...

7CVSS6.2AI score0.00115EPSS